CVE-2023-48831 – PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting
https://notcve.org/view.php?id=CVE-2023-48831
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.
• http://packetstormsecurity.com/files/176039
• https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo
• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-48825 – PHPJabbers Availability Booking Calendar 5.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48825
Availability Booking Calendar 5.0 is vulnerable to multiple HTML injection issues via SMS API Key or Default Country Code. PHPJabbers Availability Booking Calendar version 5.0 suffers from an HTML injection vulnerability.
• http://packetstormsecurity.com/files/176033
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48208 – PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48208
A cross-site scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. PHPJabbers Availability Booking Calendar version 5.0 suffers from multiple cross-site scripting vulnerabilities.
• http://packetstormsecurity.com/files/175805
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48207 – PHPJabbers Availability Booking Calendar 5.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48207
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability.
• http://packetstormsecurity.com/files/175804
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2023-4110 – PHP Jabbers Availability Booking Calendar index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4110
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability.
• http://packetstormsecurity.com/files/173926/PHPJabbers-Availability-Booking-Calendar-5.0-Cross-Site-Scripting.html
• https://vuldb.com/?ctiid.235957
• https://vuldb.com/?id.235957
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')