CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48841 – PHPJabbers Appointment Scheduler 3.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48841
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Appointment Scheduler 3.0 es vulnerable a la inyección CSV a través de una acción Idioma > Etiquetas > Exportar. PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability. • http://packetstormsecurity.com/files/176058 https://www.phpjabbers.com/appointment-scheduler • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48840 – PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting
https://notcve.org/view.php?id=CVE-2023-48840
A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. La falta de limitación de velocidad en pjActionAjaxSend en Appointment Scheduler 3.0 permite a los atacantes provocar el agotamiento de los recursos. PHPJabbers Appointment Scheduler version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion. • http://packetstormsecurity.com/files/176056 https://www.phpjabbers.com/appointment-scheduler • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48839 – PHPJabbers Appointment Scheduler 3.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48839
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Appointment Scheduler 3.0 es vulnerable a problemas de Múltiple Coss-Site Scripting (XSS) Almacenado a través del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, título, nombre de país o parámetro customer_name. PHPJabbers Appointment Scheduler version 3.0 suffers from multiple persistent cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/176055 https://www.phpjabbers.com/appointment-scheduler • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48838 – PHPJabbers Appointment Scheduler 3.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48838
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Appointment Scheduler 3.0 es vulnerable a múltiples problemas de inyección de HTML a través de la clave API de SMS o el código de país predeterminado. PHPJabbers Appointment Scheduler version 3.0 suffers from multiple html injection vulnerabilities. • http://packetstormsecurity.com/files/176054 https://www.phpjabbers.com/appointment-scheduler • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36126
https://notcve.org/view.php?id=CVE-2023-36126
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 Hay una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "theme" de preview.php en PHPJabbers Appointment Scheduler v3.0 • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •