PT-2018-18609 · Bookme · Bookme Control Panel

Neeraj Kumar · Published 2018-03-17 · Updated 2018-04-13 · CVE-2018-8737

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Bookme Control Panel version 2.0

Description: The issue is a stored XSS vulnerability in the Customers function, specifically in the Name and Note fields (custName and custNote). The application does not sanitize this user-supplied input, so injected JavaScript is stored with the customer record and rendered in the browser of users who later view it.

Recommendations: For Bookme Control Panel version 2.0, implement input sanitization for the custName and custNote fields to prevent XSS. As a temporary workaround, restrict use of the Customers function until a proper fix is applied.
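The following is an added illustration of the recommended fix, not code from Bookme Control Panel: it pairs the advisory's input sanitization (an allowlist for custName, which never needs markup) with HTML entity encoding of both fields at render time, so a stored value can no longer be interpreted as markup. The field names custName and custNote come from the advisory; the row template, the regular expression and the sample record are assumptions constructed for this example.

```python
import html
import re

# Allowlist for the customer name field: letters, digits, spaces and a few
# punctuation marks, capped at 100 characters. Names never need markup, so
# rejecting everything else is the input-sanitization layer.
CUST_NAME_RE = re.compile(r"^[\w .'\-]{1,100}$")

# Constructed sample record: the note carries a script tag of the kind
# a stored XSS submission would contain.
SAMPLE_CUSTOMER = {
    "custName": "Alice Smith",
    "custNote": "Prefers email. <script>alert(1)</script>",
}


def validate_cust_name(value: str) -> bool:
    """Return True only if the name matches the allowlist."""
    return CUST_NAME_RE.fullmatch(value) is not None


def render_customer_row_unsafe(customer: dict) -> str:
    """Mirrors the flaw described in the advisory: stored values are
    interpolated into the HTML verbatim, so markup is rendered as markup."""
    return "<tr><td>{custName}</td><td>{custNote}</td></tr>".format(**customer)


def render_customer_row(customer: dict) -> str:
    """Hardened rendering: both fields are entity-encoded for the HTML text
    context before interpolation. Output encoding complements the input
    sanitization and protects records that were stored before the fix."""
    name = html.escape(customer.get("custName", ""), quote=True)
    note = html.escape(customer.get("custNote", ""), quote=True)
    return f"<tr><td>{name}</td><td>{note}</td></tr>"


if __name__ == "__main__":
    print(render_customer_row_unsafe(SAMPLE_CUSTOMER))
    print(render_customer_row(SAMPLE_CUSTOMER))
```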

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers: CVE-2018-8737

Affected products: Bookme Control Panel