Lucene search
OrponPACKETSTORM:175805HistoryNov 20, 2023 - 12:00 a.m.
PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting
2023-11-2000:00:00
Orpon
packetstormsecurity.com
247
cross site scripting
phpjabbers
availability booking calendar
stored xss
sms settings
cve-2023-48208
`# Exploit Title: Multiple Cross Site Scripting in PHPJabbers Availability
Booking Calendar v5.0
# Date: 12/11/2023
# Exploit Author: BugsBD Security Researcher (Orpon)
# Vendor Homepage: https://www.phpjabbers.com/
# Software Link:
https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo
# Version: v5.0
# Tested on: Windows 10, Linux
# CVE: CVE-2023-48208
Description:
PHPJabbers Availability Booking Calendar v5.0 is vulnerable to Multiple
Stored Cross-Site Scripting (XSS) vulnerabilities in the "name,
plugin_sms_api_key, plugin_sms_country_code, uuid, title, country name"
parameters of index.php page.
Steps to Reproduce:
1. Login your panel
2. Go to System Menu then click SMS Settings.
3. Then use any XSS Payload in "SMS API Key", "Default Country Code" input
field and Save.
4. You will see XSS pop up.
## Reproduce:
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48208)
`
Related
cvelist
cvelist
CVE-2023-48208
2023-12-07 00:00:00
prion
prion
Cross site scripting
2023-12-07 07:15:00
nvd
nvd
CVE-2023-48208
2023-12-07 07:15:09
zdt
zdt
cve
cve
CVE-2023-48208
2023-12-07 07:15:09