CVE-2023-23012

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-23012

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-23012.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-23012

Published

2023-01-20T19:15:18.060Z

Modified

2025-11-15T06:12:09.454233Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.

References

Affected packages

Git / github.com/craigrodway/classroombookings

Affected ranges

Type: GIT
Repo: https://github.com/craigrodway/classroombookings
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8977b42edb01f332a2e8abed1518a3f25287740e

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.2.0

v2.3.0

v2.3.0-beta.1

v2.3.0-beta.2

v2.3.1

v2.3.2

v2.4.0

v2.4.1

v2.5.0

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4