CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36311
https://notcve.org/view.php?id=CVE-2023-36311
10 Aug 2023 — There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36309
https://notcve.org/view.php?id=CVE-2023-36309
10 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "action" de index.php en PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36310
https://notcve.org/view.php?id=CVE-2023-36310
10 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36315
https://notcve.org/view.php?id=CVE-2023-36315
10 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36313
https://notcve.org/view.php?id=CVE-2023-36313
10 Aug 2023 — PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36136
https://notcve.org/view.php?id=CVE-2023-36136
08 Aug 2023 — PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. PHPJabbers Class Scheduling System 1.0 carece de cifrado en la contraseña al editar una cuenta de usuario (página de actualización de usuario) permitiendo a un atacante capturar todos los nombres de usuario y contraseñas en texto claro. • https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36131
https://notcve.org/view.php?id=CVE-2023-36131
03 Aug 2023 — PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. Availability Booking Calendar 5.0 de PHPJabbers es vulnerable a un Control de Acceso Incorrecto debido a una incorrecta validación de entrada del parámetro de contraseña. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36132
https://notcve.org/view.php?id=CVE-2023-36132
03 Aug 2023 — PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. Availability Booking Calendar 5.0 de PHP Jabbers es vulnerable al Control de Acceso Incorrecto. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36133
https://notcve.org/view.php?id=CVE-2023-36133
03 Aug 2023 — PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. Availability Booking Calendar 5.0 de PHPJabbers es vulnerable a la toma de control de cuentas de usuario mediante el cambio de nombre de usuario/contraseña. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36134
https://notcve.org/view.php?id=CVE-2023-36134
03 Aug 2023 — In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. En Class Scheduling System 1.0 de PHPJabbers, la falta de verificación al cambiar una dirección de correo electrónico y/o contraseña (en la Página de Perfil) permite a atacantes remotos tomar el control de cuentas. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-345: Insufficient Verification of Data Authenticity •