CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36134
https://notcve.org/view.php?id=CVE-2023-36134
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. En Class Scheduling System 1.0 de PHPJabbers, la falta de verificación al cambiar una dirección de correo electrónico y/o contraseña (en la Página de Perfil) permite a atacantes remotos tomar el control de cuentas. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/class-scheduling-system • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36135
https://notcve.org/view.php?id=CVE-2023-36135
User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. Una enumeración de usuarios fue detectada en Class Scheduling System v1.0 de PHPJabbers. Este problema se produce durante la recuperación de contraseñas, donde una diferencia en los mensajes podría permitir a un atacante determinar si el usuario es válido o no, permitiendo un ataque de fuerza bruta con usuarios válidos. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/class-scheduling-system •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36138
https://notcve.org/view.php?id=CVE-2023-36138
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. PHPJabbers Cleaning Business Software 1.0 es vulnerable a Cross Site Scripting (XSS) a través del parámetro theme de preview.php. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/cleaning-business-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33561
https://notcve.org/view.php?id=CVE-2023-33561
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. La validación incorrecta del parámetro de contraseña en Time Slots Booking Calendar v 3.3 de PHPJabbers resulta en contraseñas inseguras. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/time-slots-booking-calendar •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33560
https://notcve.org/view.php?id=CVE-2023-33560
There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "cid" de preview.php en Time Slots Booking Calendar v3.3 de PHPJabbers. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 https://www.phpjabbers.com/time-slots-booking-calendar • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •