Vulnerabilities > Phpjabbers > Appointment Scheduler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-48838 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48839 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48840 | Resource Exhaustion vulnerability in PHPjabbers Appointment Scheduler 3.0 A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48841 | Injection vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
| 2023-10-10 | CVE-2023-36126 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | 6.1 |
| 2023-10-10 | CVE-2023-36127 | Information Exposure Through Discrepancy vulnerability in PHPjabbers Appointment Scheduler 3.0 User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. | 7.5 |