从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 插件名称:Appointment Booking Calendar “Settings” > “Notifications”。 - 步骤7:点击“Email (Admin)”并编辑,这将触发XSS。 5. 受影响的插件:simply-schedule-appointments 6. CVE编号:CVE-2024-7876 7. 分类: - 类型:XSS - OWASP Top 10:A7: Cross-Site Scripting (XSS) - CWE:CWE-79 - CVSS:3.5 (low) 8. 其他: - 原始研究者:Jeewan Kumar Bhatta - 提交者:Jeewan Kumar Bhatta - 提交者网站:https://jeewanbhatta.com.np - 验证:是 - WPVDB ID:fffe862f-5bf0-4a05-9d32-caff0bfdb860 - 发布日期:2024-10-15 - 添加日期:2024-10-15 - 最后更新日期:2024-10-15 - 其他相关漏洞: - OnePress <= 2.3.8 - Authenticated (Author+) Stored Cross-Site Scripting - Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting - Woocommerce Products Price Bulk Edit <= 2.0 - XSS - WP Bannerize Pro < 1.7.0 - Reflected XSS - HashBar - WordPress Notification Bar < 1.4.2 - Authenticated (Author+) Stored Cross-Site Scripting