CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48825 – PHPJabbers Availability Booking Calendar 5.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48825
04 Dec 2023 — Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Availability Booking Calendar 5.0 es vulnerable a múltiples problemas de inyección de HTML a través de la clave API de SMS o el código de país predeterminado. PHPJabbers Availability Booking Calendar version 5.0 suffers from an html injection vulnerability. • https://packetstorm.news/files/id/176033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48831 – PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting
https://notcve.org/view.php?id=CVE-2023-48831
04 Dec 2023 — A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. La falta de limitación de velocidad en pjActionAJaxSend en Availability Booking Calendar 5.0 permite a los atacantes provocar el agotamiento de los recursos. PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion. • https://packetstorm.news/files/id/176039 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48207 – PHPJabbers Availability Booking Calendar 5.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48207
20 Nov 2023 — Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Availability Booking Calendar 5.0 permite la inyección de CSV a través del campo de ID único en el componente de lista de Reservas. PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability. • https://packetstorm.news/files/id/175804 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48208 – PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48208
20 Nov 2023 — A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. Vulnerabilidad de Cross-Site-Scripting en Availability Booking Calendar 5.0 permite a un atacante inyectar JavaScript a través del parámetro nombre, plugin_sms_api_key, plugin_sms_country_code, uuid, título o nombre de país en index.php. PHPJabbers Availability Booking Calendar version... • https://packetstorm.news/files/id/175805 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36131
https://notcve.org/view.php?id=CVE-2023-36131
03 Aug 2023 — PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. Availability Booking Calendar 5.0 de PHPJabbers es vulnerable a un Control de Acceso Incorrecto debido a una incorrecta validación de entrada del parámetro de contraseña. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36132
https://notcve.org/view.php?id=CVE-2023-36132
03 Aug 2023 — PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. Availability Booking Calendar 5.0 de PHP Jabbers es vulnerable al Control de Acceso Incorrecto. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36133
https://notcve.org/view.php?id=CVE-2023-36133
03 Aug 2023 — PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. Availability Booking Calendar 5.0 de PHPJabbers es vulnerable a la toma de control de cuentas de usuario mediante el cambio de nombre de usuario/contraseña. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2023-4110 – PHP Jabbers Availability Booking Calendar index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4110
03 Aug 2023 — A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. • https://packetstorm.news/files/id/173926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •