CVE-2023-36139
https://notcve.org/view.php?id=CVE-2023-36139
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/cleaning-business-software
• CWE-345: Insufficient Verification of Data Authenticity
CVE-2023-36141
https://notcve.org/view.php?id=CVE-2023-36141
User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine whether the user is valid, enabling a brute force attack with valid users.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/cleaning-business-software
CVE-2023-36137
https://notcve.org/view.php?id=CVE-2023-36137
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/class-scheduling-system
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36133
https://notcve.org/view.php?id=CVE-2023-36133
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/availability-booking-calendar
CVE-2023-36132
https://notcve.org/view.php?id=CVE-2023-36132
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/availability-booking-calendar