Shodan
Vulnerabilities
Vulnerable Software
Phpjabbers:  Security Vulnerabilities
CVE-2023-48825
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48826
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48827
Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48828
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48207
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-07
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-12-07
CVE-2023-48172
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-12-07
CVE-2023-43147
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-10-12
CVE-2023-36126
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0
CVSS Score
6.1
EPSS Score
0.001
Published
2023-10-10
CVE-2023-36127
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved