CVE-2023-41538
https://notcve.org/view.php?id=CVE-2023-41538
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. • https://github.com/codeb0ss/CVE-2023-41538-PoC https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Forum-Script-3.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40757
https://notcve.org/view.php?id=CVE-2023-40757
User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f https://www.phpjabbers.com/food-delivery-script • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-40764
https://notcve.org/view.php?id=CVE-2023-40764
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f https://www.phpjabbers.com/car-rental-script • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-40766
https://notcve.org/view.php?id=CVE-2023-40766
User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f https://www.phpjabbers.com/ticket-support-script • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-40758
https://notcve.org/view.php?id=CVE-2023-40758
User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f https://www.phpjabbers.com/document-creator • CWE-209: Generation of Error Message Containing Sensitive Information •