CVE-2023-40758
https://notcve.org/view.php?id=CVE-2023-40758
User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f https://www.phpjabbers.com/document-creator • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-36311
https://notcve.org/view.php?id=CVE-2023-36311
There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 https://www.phpjabbers.com/document-creator • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-36310
https://notcve.org/view.php?id=CVE-2023-36310
There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 https://www.phpjabbers.com/document-creator • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-36309
https://notcve.org/view.php?id=CVE-2023-36309
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "action" de index.php en PHPJabbers Document Creator v1.0. • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 https://www.phpjabbers.com/document-creator • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-36313
https://notcve.org/view.php?id=CVE-2023-36313
PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". • https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4 https://www.phpjabbers.com/document-creator • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •