Lucene search

[email protected]NVD:CVE-2023-48836

HistoryDec 07, 2023 - 7:15 a.m.

CVE-2023-48836

2023-12-0707:15:11

CWE-79

[email protected]

web.nvd.nist.gov

car rental script

multiple

stored xss

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

13.1%

JSON

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

Affected configurations

Nvd

Node

phpjabberscar_rental_scriptMatch3.0

VendorProductVersionCPE
phpjabberscar_rental_script3.0cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpjabbers	car_rental_script	3.0	cpe:2.3:a:phpjabbers:car_rental_script:3.0:::::::*

References

packetstormsecurity.com/files/176046

www.phpjabbers.com/car-rental-script/