8 matches found
CVE-2023-48207
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
Design/Logic Flaw
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component...
CVE-2023-48825
CVE-2023-48825 affects PHPJabbers Availability Booking Calendar 5.0. The issue is multiple HTML (XSS) injections via the SMS API Key and Default Country Code fields in the SMS Settings panel, caused by insufficient input validation. Exploitation in the wild would allow an attacker to inject HTML/...
CVE-2023-48831
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion...
CVE-2023-48831
CVE-2023-48831 affects PHPJabbers Availability Booking Calendar version 5.0. The vulnerability is due to a lack of rate limiting in the function pjActionAJaxSend, which can be exploited over the network to exhaust server resources (resource exhaustion). Documents consistently describe this as a r...
CVE-2023-48207
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component...
Default credentials
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change...