CVE-2023-36136
https://notcve.org/view.php?id=CVE-2023-36136
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page), allowing an attacker to capture all user names and passwords in clear text.
• https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb
• https://www.phpjabbers.com/class-scheduling-system
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2023-36137
https://notcve.org/view.php?id=CVE-2023-36137
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/class-scheduling-system
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36134
https://notcve.org/view.php?id=CVE-2023-36134
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/class-scheduling-system
• CWE-345: Insufficient Verification of Data Authenticity
CVE-2023-36135
https://notcve.org/view.php?id=CVE-2023-36135
User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
• https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4
• https://www.phpjabbers.com/class-scheduling-system
CVE-2023-2826 – SourceCodester Class Scheduling System POST Parameter search_teacher_result.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-2826
A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://github.com/joicygiore/ApplyForCVE/blob/main/XSS.md
• https://vuldb.com/?ctiid.229612
• https://vuldb.com/?id.229612
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')