SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.

SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack.

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.

An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.

The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection.

The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.

The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.