CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36126
https://notcve.org/view.php?id=CVE-2023-36126
10 Oct 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 Hay una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "theme" de preview.php en PHPJabbers Appointment Scheduler v3.0 • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43274
https://notcve.org/view.php?id=CVE-2023-43274
21 Sep 2023 — Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. Phpjabbers PHP Shopping Cart 4.2 es vulnerable a la inyección SQL a través del parámetro id. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Shopping-Cart-4.2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36140
https://notcve.org/view.php?id=CVE-2023-36140
11 Sep 2023 — In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. En PHPJabbers Cleaning Business Software 1.0, no hay cifrado en las contraseñas de los usuarios, permitiendo a un atacante obtener acceso a todas las cuentas de usuario. • https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41537
https://notcve.org/view.php?id=CVE-2023-41537
30 Aug 2023 — phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. Business Directory Script 3.2 de PHPJabbers es vulnerable a Cross Site Scripting (XSS) a través del parámetro keyword. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-41538
https://notcve.org/view.php?id=CVE-2023-41538
30 Aug 2023 — phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. PHP Forum Script 3.0 de PHPJabbers es vulnerable a Cross Site Scripting (XSS) a través del parámetro keyword. • https://github.com/codeb0ss/CVE-2023-41538-PoC • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-41539
https://notcve.org/view.php?id=CVE-2023-41539
30 Aug 2023 — phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter. Business Directory Script 3.2 de PHPJabbers es vulnerable a SQL Injection a través del parámetro de column. • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40754
https://notcve.org/view.php?id=CVE-2023-40754
28 Aug 2023 — In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40753
https://notcve.org/view.php?id=CVE-2023-40753
28 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40750
https://notcve.org/view.php?id=CVE-2023-40750
28 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40751
https://notcve.org/view.php?id=CVE-2023-40751
28 Aug 2023 — PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •