CVE-2023-40763
https://notcve.org/view.php?id=CVE-2023-40763
User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f https://www.phpjabbers.com/taxi-booking-script • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2023-4116 – PHP Jabbers Taxi Booking index.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4116
A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. • https://www.exploit-db.com/exploits/51652 http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html https://vuldb.com/?ctiid.235963 https://vuldb.com/?id.235963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •