CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33561
https://notcve.org/view.php?id=CVE-2023-33561
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. La validación incorrecta del parámetro de contraseña en Time Slots Booking Calendar v 3.3 de PHPJabbers resulta en contraseñas inseguras. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/time-slots-booking-calendar •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33560
https://notcve.org/view.php?id=CVE-2023-33560
There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "cid" de preview.php en Time Slots Booking Calendar v3.3 de PHPJabbers. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/time-slots-booking-calendar • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33564
https://notcve.org/view.php?id=CVE-2023-33564
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "theme" de preview.php en Time Slots Booking Calendar v3.3 de PHPJabbers. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/time-slots-booking-calendar • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33562
https://notcve.org/view.php?id=CVE-2023-33562
User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. La enumeración de usuarios se encuentra en Time Slots Booking Calendar v3.3 de PHPJabbers. Este problema se produce durante la recuperación de contraseñas, donde una diferencia en los mensajes podría permitir a un atacante determinar si el usuario es válido o no, permitiendo un ataque de fuerza bruta con usuarios válidos. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/time-slots-booking-calendar •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33563
https://notcve.org/view.php?id=CVE-2023-33563
In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. En Time Slots Booking Calendar 3.3 de PHP Jabbers, la falta de verificación al cambiar una dirección de correo electrónico y/o contraseña (en la Página de Perfil) permite a atacantes remotos tomar el control de cuentas. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/time-slots-booking-calendar • CWE-287: Improper Authentication •