CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48840 – PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting
https://notcve.org/view.php?id=CVE-2023-48840
04 Dec 2023 — A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. La falta de limitación de velocidad en pjActionAjaxSend en Appointment Scheduler 3.0 permite a los atacantes provocar el agotamiento de los recursos. PHPJabbers Appointment Scheduler version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion. • https://packetstorm.news/files/id/176056 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48839 – PHPJabbers Appointment Scheduler 3.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48839
04 Dec 2023 — Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Appointment Scheduler 3.0 es vulnerable a problemas de Múltiple Coss-Site Scripting (XSS) Almacenado a través del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, título, nombre de país o parámetro customer_name. PHPJabbers Appointment Scheduler version 3.0 suffers from multiple p... • https://packetstorm.news/files/id/176055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48838 – PHPJabbers Appointment Scheduler 3.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48838
04 Dec 2023 — Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Appointment Scheduler 3.0 es vulnerable a múltiples problemas de inyección de HTML a través de la clave API de SMS o el código de país predeterminado. PHPJabbers Appointment Scheduler version 3.0 suffers from multiple html injection vulnerabilities. • https://packetstorm.news/files/id/176054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48841 – PHPJabbers Appointment Scheduler 3.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48841
04 Dec 2023 — Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Appointment Scheduler 3.0 es vulnerable a la inyección CSV a través de una acción Idioma > Etiquetas > Exportar. PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability. • https://packetstorm.news/files/id/176058 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36127
https://notcve.org/view.php?id=CVE-2023-36127
10 Oct 2023 — User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. La enumeración de usuarios se encuentra en PHPJabbers Appointment Scheduler 3.0. Este problema ocurre durante la recuperación de contraseña, donde una diferencia en los mensajes podría permitir a un atacante determinar si el usuario es válido o no, lo q... • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-203: Observable Discrepancy •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36126
https://notcve.org/view.php?id=CVE-2023-36126
10 Oct 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 Hay una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "theme" de preview.php en PHPJabbers Appointment Scheduler v3.0 • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2014-10010 – PHPJabbers Appointment Scheduler 2.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-10010
13 Jan 2015 — Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller. Vulnerabilidad de salto de directorio en PHPJabbers Appointment Scheduler 2.0 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro id en una acción pjActionDownload en el controlador pjBackup. • https://www.exploit-db.com/exploits/30911 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 3CVE-2014-10001 – PHPJabbers Appointment Scheduler 2.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-10001
13 Jan 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. Múltiples vulnerabilidades de CSRF en PHPJabbers Appointment Scheduler 2.0 permiten a atacantes r... • https://www.exploit-db.com/exploits/30911 • CWE-352: Cross-Site Request Forgery (CSRF) •