Bookingcore Booking Core — known CVE vulnerabilities
Every CVE whose affected-product data names Bookingcore Booking Core, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-37333 — CVSS 9.8 (critical): Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/chang…
CVE-2020-25445 — CVSS 7.8 (high): The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the…
CVE-2020-27379 — CVSS 6.5 (medium): Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being…
CVE-2020-25444 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself”…
CVE-2021-37330 — CVSS 5.4 (medium): Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be…
CVE-2021-37331 — CVSS 5.3 (medium): Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or…