8 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. La falta de limitación de velocidad en pjActionAJaxSend en Availability Booking Calendar 5.0 permite a los atacantes provocar el agotamiento de los recursos. PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion. • http://packetstormsecurity.com/files/176039 https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Availability Booking Calendar 5.0 es vulnerable a múltiples problemas de inyección de HTML a través de la clave API de SMS o el código de país predeterminado. PHPJabbers Availability Booking Calendar version 5.0 suffers from an html injection vulnerability. • http://packetstormsecurity.com/files/176033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. Vulnerabilidad de Cross-Site-Scripting en Availability Booking Calendar 5.0 permite a un atacante inyectar JavaScript a través del parámetro nombre, plugin_sms_api_key, plugin_sms_country_code, uuid, título o nombre de país en index.php. PHPJabbers Availability Booking Calendar version 5.0 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/175805 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Availability Booking Calendar 5.0 permite la inyección de CSV a través del campo de ID único en el componente de lista de Reservas. PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability. • http://packetstormsecurity.com/files/175804 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. • http://packetstormsecurity.com/files/173926/PHPJabbers-Availability-Booking-Calendar-5.0-Cross-Site-Scripting.html https://vuldb.com/?ctiid.235957 https://vuldb.com/?id.235957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •