CVE-2022-2690 LOW

CVE-2022-2690: SourceCodester Wedding Hall Booking System Booking Form cross site scripting

Vendor Sourcecodester
Product Wedding Hall Booking System
Weakness CWE-79 · XSS
Published August 6, 2022
Last update April 15, 2025
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability.

Key dates

02Disclosure timeline

August 6, 2022 CVE published
April 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-0914 WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode CVE-2022-1255 Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting CVE-2024-37472 WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-26893 WordPress Easy Charts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-13558 CodeAstro Complaint Management System Report addreport cross site scripting