CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48830 – PHPJabbers Shuttle Booking Software 2.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48830
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. Shuttle Booking Software 2.0 es vulnerable a la inyección CSV en la sección Idiomas a través de una exportación. PHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability. • http://packetstormsecurity.com/files/176038 https://www.phpjabbers.com/shuttle-booking-software • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48172 – Shuttle Booking Software 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48172
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. Vulnerabilidad de Cross Site Scripting (XSS) en Shuttle Booking Software 2.0 permite a un atacante remoto inyectar JavaScript a través del nombre, descripción, título o parámetro de dirección en index.php. Shuttle Booking Software version 2.0 suffers from multiple persistent cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/175800 https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172 https://www.phpjabbers.com/shuttle-booking-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-4112 – PHP Jabbers Shuttle Booking Software index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4112
A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. • https://www.exploit-db.com/exploits/51648 http://packetstormsecurity.com/files/173930/PHPJabbers-Shuttle-Booking-Software-1.0-Cross-Site-Scripting.html https://vuldb.com/?ctiid.235959 https://vuldb.com/?id.235959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •