Lucene search

[email protected]NVD:CVE-2023-33560

HistoryAug 01, 2023 - 11:15 p.m.

CVE-2023-33560

2023-08-0123:15:28

CWE-79

[email protected]

web.nvd.nist.gov

cross site scripting

xss

phpjabbers

time slots booking calendar

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

There is a Cross Site Scripting (XSS) vulnerability in “cid” parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.

Affected configurations

Nvd

Node

phpjabberstime_slots_booking_calendarMatch3.3

VendorProductVersionCPE
phpjabberstime_slots_booking_calendar3.3cpe:2.3:a:phpjabbers:time_slots_booking_calendar:3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpjabbers	time_slots_booking_calendar	3.3	cpe:2.3:a:phpjabbers:time_slots_booking_calendar:3.3:::::::*

References

medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4

www.phpjabbers.com/time-slots-booking-calendar/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.6%

JSON

Related for NVD:CVE-2023-33560

cvelist1 prion1 cve1