Lucene search
Rahad Chowdhury, BugsBD LimitedPACKETSTORM:176054HistoryDec 04, 2023 - 12:00 a.m.
PHPJabbers Appointment Scheduler 3.0 HTML Injection
2023-12-0400:00:00
Rahad Chowdhury, BugsBD Limited
packetstormsecurity.com
79
phpjabbers appointment scheduler
html injection
cross-site scripting
security vulnerability
cve-2023-48838
web security
`# Exploit Title: PHPJabbers Appointment Scheduler v3.0 - Multiple HTML Injection
# Date: 19/11/2023
# Exploit Author: BugsBD Limited
# Discover by: Rahad Chowdhury
# Vendor Homepage: https://www.phpjabbers.com/
# Software Link: https://www.phpjabbers.com/appointment-scheduler/
# Version: v3.0
# Tested on: Windows 10, Windows 11, Linux
# CVE-2023-48838
Descriptions:
PHPJabbers Appointment Scheduler v3.0 is vulnerable to Multiple HTML
Injection. HTML injection, also known as HTML code injection or
cross-site scripting (XSS), is a web security vulnerability that
allows an attacker to inject malicious code into a web page that is
then viewed by other users. This can lead to various attacks, such as
stealing sensitive information, session hijacking, defacement of
websites, or delivering malware to users.
Steps to Reproduce:
1. Login your panel.
2. Go to System Menu then click SMS Settings.
3. Then use any HTML Tag in "SMS API Key", "Default Country Code"
input field and Save.
4. You will see HTML code working here.
## Reproduce:
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48838)
`
Related
cvelist
cvelist
CVE-2023-48838
2023-12-07 00:00:00
prion
prion
Input validation
2023-12-07 07:15:00
cve
cve
CVE-2023-48838
2023-12-07 07:15:12
nvd
nvd
CVE-2023-48838
2023-12-07 07:15:12