1828 matches found
CVE-2023-48838
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code...
CVE-2023-48836
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
CVE-2023-48825
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code...
CVE-2023-48828
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...
Input validation
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code...
Input validation
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code...
Input validation
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code...
CVE-2023-48837
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code...
CVE-2023-48838
The CVE-2023-48838 entry concerns PHPJabbers Appointment Scheduler v3.0, with multiple HTML injection vulnerabilities triggered via the SMS API Key or Default Country Code. Root cause details indicate HTML injection (XSS) in the web interface, enabling an attacker to inject payloads through those...
CVE-2023-48825
CVE-2023-48825 affects PHPJabbers Availability Booking Calendar 5.0. The issue is multiple HTML (XSS) injections via the SMS API Key and Default Country Code fields in the SMS Settings panel, caused by insufficient input validation. Exploitation in the wild would allow an attacker to inject HTML/...
C2-Search-Netlas - Search For C2 Servers Based On Netlas
C2 Search Netlas is a Java utility designed to detect Command and Control (C2) servers using the Netlas API. It provides a straightforward and user-friendly CLI interface for searching C2 servers, leveraging the Netlas API to gather data and process it locally. Usage: To utilize this terminal utilit...
MyBookTable Bookstore < 3.3.5 - API Key Update via CSRF
Description: The plugin does not have a CSRF check when updating its API key via the mbtapikeyrefreshajax function, which could allow attackers to make logged-in admins update it via a CSRF attack...
Automatic YouTube Gallery < 2.3.5 - Missing Authorization via AJAX actions
Description: The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajaxcallbacksaveapikey and ajaxcallbackdeletecache functions in versions up to, and including, 2.3.3. This makes it possible for authenticat...
CVE-2021-37937
An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...