CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48838 – PHPJabbers Appointment Scheduler 3.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48838
04 Dec 2023 — Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Appointment Scheduler 3.0 es vulnerable a múltiples problemas de inyección de HTML a través de la clave API de SMS o el código de país predeterminado. PHPJabbers Appointment Scheduler version 3.0 suffers from multiple html injection vulnerabilities. • https://packetstorm.news/files/id/176054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48831 – PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting
https://notcve.org/view.php?id=CVE-2023-48831
04 Dec 2023 — A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. La falta de limitación de velocidad en pjActionAJaxSend en Availability Booking Calendar 5.0 permite a los atacantes provocar el agotamiento de los recursos. PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion. • https://packetstorm.news/files/id/176039 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48837 – PHPJabbers Car Rental 3.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48837
04 Dec 2023 — Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Car Rental Script 3.0 es vulnerable a múltiples problemas de inyección de HTML a través de una clave API de SMS o un código de país predeterminado. PHPJabbers Car Rental version 3.0 suffers from an html injection vulnerability. • https://packetstorm.news/files/id/176048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48827 – PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48827
04 Dec 2023 — Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Time Slots Booking Calendar 4.0 es vulnerable a múltiples problemas de inyección de HTML a través del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, título, nombre de país o parámetro customer_name. PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerabili... • https://packetstorm.news/files/id/176036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48841 – PHPJabbers Appointment Scheduler 3.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48841
04 Dec 2023 — Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Appointment Scheduler 3.0 es vulnerable a la inyección CSV a través de una acción Idioma > Etiquetas > Exportar. PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability. • https://packetstorm.news/files/id/176058 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48207 – PHPJabbers Availability Booking Calendar 5.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48207
20 Nov 2023 — Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Availability Booking Calendar 5.0 permite la inyección de CSV a través del campo de ID único en el componente de lista de Reservas. PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability. • https://packetstorm.news/files/id/175804 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48172 – Shuttle Booking Software 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48172
20 Nov 2023 — A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. Vulnerabilidad de Cross Site Scripting (XSS) en Shuttle Booking Software 2.0 permite a un atacante remoto inyectar JavaScript a través del nombre, descripción, título o parámetro de dirección en index.php. Shuttle Booking Software version 2.0 suffers from multiple persistent cross site scripting vulnerabilities. • https://packetstorm.news/files/id/175800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48208 – PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48208
20 Nov 2023 — A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. Vulnerabilidad de Cross-Site-Scripting en Availability Booking Calendar 5.0 permite a un atacante inyectar JavaScript a través del parámetro nombre, plugin_sms_api_key, plugin_sms_country_code, uuid, título o nombre de país en index.php. PHPJabbers Availability Booking Calendar version... • https://packetstorm.news/files/id/175805 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43147
https://notcve.org/view.php?id=CVE-2023-43147
12 Oct 2023 — PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. PHPJabbers Limo Booking Software 1.0 es vulnerable a la Cross-Site Request Forgery (CSRF) para agregar un usuario administrador a través de la función Agregar Usuarios, también conocida como index.php?controller=pjAdminUsers&action=pjActionCreate URI. • https://github.com/MinoTauro2020/CVE-2023-43147 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36127
https://notcve.org/view.php?id=CVE-2023-36127
10 Oct 2023 — User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. La enumeración de usuarios se encuentra en PHPJabbers Appointment Scheduler 3.0. Este problema ocurre durante la recuperación de contraseña, donde una diferencia en los mensajes podría permitir a un atacante determinar si el usuario es válido o no, lo q... • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-203: Observable Discrepancy •