A vulnerability was found in dwbooster Booking Calendar Contact Form up to 1.0.23 . It has been classified as problematic . This impacts an unknown function of the file admin-ajax.php . The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2016-20070 . The attack is possible to be carried out remotely. Moreover, an exploit is present.