ByteOS Network

gentlesource

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-9851

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.03% / 9.31%

7 Day CHG~0.00%

Published-17 Sep, 2025 | 01:49

Updated-08 Apr, 2026 | 16:57

Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmind_calendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-gentlesource

Product-Appointmind

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-51679

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.17% / 37.12%

7 Day CHG~0.00%

Published-14 Nov, 2024 | 21:34

Updated-28 Apr, 2026 | 16:10

WordPress Appointmind plugin <= 4.0.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gentlesource Appointmind appointmind allows Stored XSS.This issue affects Appointmind: from n/a through <= 4.0.0.

Vendor-appointmind gentlesource

Product-appointmind Appointmind

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)