Vulnerabilities > Phpjabbers > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-48208 | Cross-site Scripting vulnerability in PHPjabbers Availability Booking Calendar 5.0 A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. | 6.1 |
| 2023-12-07 | CVE-2023-48825 | Cross-site Scripting vulnerability in PHPjabbers Availability Booking Calendar 5.0 Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48827 | Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48828 | Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48836 | Cross-site Scripting vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48837 | Cross-site Scripting vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48838 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. | 5.4 |
| 2023-12-07 | CVE-2023-48839 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 |
| 2023-12-07 | CVE-2023-48172 | Cross-site Scripting vulnerability in PHPjabbers Shuttle Booking Software 2.0 A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | 5.4 |
| 2023-10-10 | CVE-2023-36126 | Cross-site Scripting vulnerability in PHPjabbers Appointment Scheduler 3.0 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | 6.1 |