Vulnerabilities > Phpjabbers
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-48207 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPjabbers Availability Booking Calendar 5.0 Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | 8.8 |
| 2023-12-07 | CVE-2023-48208 | Cross-site Scripting vulnerability in PHPjabbers Availability Booking Calendar 5.0 A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. | 6.1 |
| 2023-12-07 | CVE-2023-48825 | Cross-site Scripting vulnerability in PHPjabbers Availability Booking Calendar 5.0 Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48826 | Injection vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. | 8.8 |
| 2023-12-07 | CVE-2023-48827 | Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48828 | Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48830 | Injection vulnerability in PHPjabbers Shuttle Booking Software 2.0 Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. | 8.8 |
| 2023-12-07 | CVE-2023-48831 | Resource Exhaustion vulnerability in PHPjabbers Availability Booking Calendar 5.0 A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48833 | Resource Exhaustion vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48834 | Resource Exhaustion vulnerability in PHPjabbers CAR Rental Script 3.0 A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. | 7.5 |