Exploit for Appointment Hour Booking < 1.3.73 - Unauthenticated iFrame Injection CVE-2022-4035

Name: Exploit for Appointment Hour Booking < 1.3.73 - Unauthenticated iFrame Injection CVE-2022-4035
Rating: 5 (45 reviews)

2022-11-29 | CVSS 1.1

## https://sploitus.com/exploit?id=WPEX-ID:68DC41F0-934C-4008-A834-5E92627C6C71
As an unauthenticated user, submit a booking and put an iFrame payload in the email/general field parameter

The iFrame will be executed when a user access the injected booking page