Vulnerabilities > Phpjabbers > Time Slots Booking Calendar > 4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-07	CVE-2023-48826	Injection vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. network low complexity phpjabbers CWE-74	8.8
2023-12-07	CVE-2023-48827	Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. network low complexity phpjabbers CWE-79	5.4
2023-12-07	CVE-2023-48828	Cross-site Scripting vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. network low complexity phpjabbers CWE-79	5.4
2023-12-07	CVE-2023-48833	Resource Exhaustion vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. network low complexity phpjabbers CWE-400	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.