CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 3CVE-2023-4115 – PHP Jabbers Cleaning Business index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4115
03 Aug 2023 — A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. • https://packetstorm.news/files/id/173936 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 3CVE-2023-4116 – PHP Jabbers Taxi Booking index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4116
03 Aug 2023 — A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. • https://packetstorm.news/files/id/173937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2023-4117 – PHP Jabbers Rental Property Booking index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4117
03 Aug 2023 — A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. • https://packetstorm.news/files/id/173939 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33560
https://notcve.org/view.php?id=CVE-2023-33560
01 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "cid" de preview.php en Time Slots Booking Calendar v3.3 de PHPJabbers. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33561
https://notcve.org/view.php?id=CVE-2023-33561
01 Aug 2023 — Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. La validación incorrecta del parámetro de contraseña en Time Slots Booking Calendar v 3.3 de PHPJabbers resulta en contraseñas inseguras. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33562
https://notcve.org/view.php?id=CVE-2023-33562
01 Aug 2023 — User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. La enumeración de usuarios se encuentra en Time Slots Booking Calendar v3.3 de PHPJabbers. Este problema se produce durante la recuperación de contraseñas, donde una diferencia en los mensajes podría permitir a un atacante determinar si el usuar... • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33563
https://notcve.org/view.php?id=CVE-2023-33563
01 Aug 2023 — In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. En Time Slots Booking Calendar 3.3 de PHP Jabbers, la falta de verificación al cambiar una dirección de correo electrónico y/o contraseña (en la Página de Perfil) permite a atacantes remotos tomar el control de cuentas. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33564
https://notcve.org/view.php?id=CVE-2023-33564
01 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "theme" de preview.php en Time Slots Booking Calendar v3.3 de PHPJabbers. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34869
https://notcve.org/view.php?id=CVE-2023-34869
01 Aug 2023 — PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. Se ha descubierto que Catering System v1.0 de PHPJabbers contiene una vulnerabilidad Cross-Site Scripting (XSS) a través del componente /index.php?controller=pjAdmin&action=pjActionForgot. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22226
https://notcve.org/view.php?id=CVE-2020-22226
05 Nov 2021 — Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. Se ha detectado que Stivasoft (Phpjabbers) Fundraising Script versión v1.0, contiene una vulnerabilidad de inyección SQL por medio de la función pjActionSetAmount • https://pastebin.com/cZFwMb5F • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •