Twinkletoessoftware Booked — known CVE vulnerabilities
Every CVE whose affected-product data names Twinkletoessoftware Booked, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-9581 — CVSS 8.8 (high): phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary…
CVE-2022-30706 — CVSS 6.1 (medium): Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web…
CVE-2023-24058 — CVSS 4.3 (medium): Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to…