CVE-2023-48208 – PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. PHPJabbers Availability Booking Calendar version 5.0 suffers from multiple cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/175805
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48207 – PHPJabbers Availability Booking Calendar 5.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48207
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability.
• http://packetstormsecurity.com/files/175804
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2023-48172 – Shuttle Booking Software 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48172
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. Shuttle Booking Software version 2.0 suffers from multiple persistent cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/175800
• https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172
• https://www.phpjabbers.com/shuttle-booking-software
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43147
https://notcve.org/view.php?id=CVE-2023-43147
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
• https://github.com/MinoTauro2020/CVE-2023-43147
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-36126
https://notcve.org/view.php?id=CVE-2023-36126
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')