CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48833 – PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting
https://notcve.org/view.php?id=CVE-2023-48833
04 Dec 2023 — A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. La falta de limitación de velocidad en pjActionAJaxSend en Time Slots Booking Calendar 4.0 permite a los atacantes provocar el agotamiento de los recursos. PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion. • https://packetstorm.news/files/id/176042 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48828 – PHPJabbers Time Slots Booking Calendar 4.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48828
04 Dec 2023 — Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Time Slots Booking Calendar 4.0 es vulnerable a problemas de Múltiple Coss-Site Scripting (XSS) Almacenado a través del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, título, nombre de país o parámetro customer_name. PHPJabbers Time Slots Booking Calendar version 4.0 suffe... • https://packetstorm.news/files/id/176037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48826 – PHPJabbers Time Slots Booking Calendar 4.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48826
04 Dec 2023 — Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. Time Slots Booking Calendar 4.0 es vulnerable a la inyección de CSV a través del campo de ID único de la Lista de reservas. PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a CSV injection vulnerability. • https://packetstorm.news/files/id/176034 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48827 – PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection
https://notcve.org/view.php?id=CVE-2023-48827
04 Dec 2023 — Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Time Slots Booking Calendar 4.0 es vulnerable a múltiples problemas de inyección de HTML a través del nombre, plugin_sms_api_key, plugin_sms_country_code, calendar_id, título, nombre de país o parámetro customer_name. PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerabili... • https://packetstorm.news/files/id/176036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33560
https://notcve.org/view.php?id=CVE-2023-33560
01 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "cid" de preview.php en Time Slots Booking Calendar v3.3 de PHPJabbers. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33561
https://notcve.org/view.php?id=CVE-2023-33561
01 Aug 2023 — Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. La validación incorrecta del parámetro de contraseña en Time Slots Booking Calendar v 3.3 de PHPJabbers resulta en contraseñas inseguras. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33562
https://notcve.org/view.php?id=CVE-2023-33562
01 Aug 2023 — User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. La enumeración de usuarios se encuentra en Time Slots Booking Calendar v3.3 de PHPJabbers. Este problema se produce durante la recuperación de contraseñas, donde una diferencia en los mensajes podría permitir a un atacante determinar si el usuar... • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33563
https://notcve.org/view.php?id=CVE-2023-33563
01 Aug 2023 — In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. En Time Slots Booking Calendar 3.3 de PHP Jabbers, la falta de verificación al cambiar una dirección de correo electrónico y/o contraseña (en la Página de Perfil) permite a atacantes remotos tomar el control de cuentas. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33564
https://notcve.org/view.php?id=CVE-2023-33564
01 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Existe una vulnerabilidad de Cross Site Scripting (XSS) en el parámetro "theme" de preview.php en Time Slots Booking Calendar v3.3 de PHPJabbers. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •