CVE-2015-7320

Name of the Vulnerable Software and Affected Versions Appointment Booking Calendar plugin versions prior to 1.1.8

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The estimated number of potentially affected devices and details about real-world incidents are not specified.

Recommendations For versions prior to 1.1.8, update to version 1.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the cpabc appointments admin int bookings list.inc.php file until a patch is applied. Avoid using unspecified vectors in the affected plugin until the issue is resolved.