Vulnerabilities > Phpjabbers > Appointment Scheduler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-48838 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48839 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48840 | Resource Exhaustion vulnerability in PHPjabbers Appointment Scheduler 3.0 A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48841 | Injection vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
| 2023-10-10 | CVE-2023-36126 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | 6.1 |
| 2023-10-10 | CVE-2023-36127 | Information Exposure Through Discrepancy vulnerability in PHPjabbers Appointment Scheduler 3.0 User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. | 7.5 |
| 2015-01-13 | CVE-2014-10010 | Path Traversal vulnerability in PHPjabbers Appointment Scheduler 2.0 Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2015-01-13 | CVE-2014-10001 | Cross-Site Request Forgery (CSRF) vulnerability in PHPjabbers Appointment Scheduler 2.0 Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller. | 6.8 |