Vulnerabilities > Phpjabbers
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-48835 | Injection vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
| 2023-12-07 | CVE-2023-48836 | Cross-site Scripting vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48837 | Cross-site Scripting vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48838 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48839 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48840 | Resource Exhaustion vulnerability in PHPjabbers Appointment Scheduler 3.0 A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48841 | Injection vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
| 2023-12-07 | CVE-2023-48172 | Cross-site Scripting vulnerability in PHPjabbers Shuttle Booking Software 2.0 A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | 5.4 |
| 2023-10-12 | CVE-2023-43147 | Cross-Site Request Forgery (CSRF) vulnerability in PHPjabbers Limo Booking Software 1.0 PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. | 8.8 |
| 2023-10-10 | CVE-2023-36126 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | 6.1 |