CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40758
https://notcve.org/view.php?id=CVE-2023-40758
28 Aug 2023 — User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36311
https://notcve.org/view.php?id=CVE-2023-36311
10 Aug 2023 — There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36309
https://notcve.org/view.php?id=CVE-2023-36309
10 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "action" de index.php en PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36310
https://notcve.org/view.php?id=CVE-2023-36310
10 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36313
https://notcve.org/view.php?id=CVE-2023-36313
10 Aug 2023 — PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •