Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.5 views

CVE-2023-48207

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component...

8.8CVSS7.4AI score0.01166EPSS
Exploits3References1
NVD
NVD
added 2023/12/07 7:15 a.m.27 views

CVE-2023-48208

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...

6.1CVSS0.00499EPSS
Exploits2References1
Prion
Prion
added 2023/12/07 7:15 a.m.18 views

Design/Logic Flaw

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component...

6.5CVSS7.6AI score0.01166EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2023/12/07 12:0 a.m.48 views

CVE-2023-48825

CVE-2023-48825 affects PHPJabbers Availability Booking Calendar 5.0. The issue is multiple HTML (XSS) injections via the SMS API Key and Default Country Code fields in the SMS Settings panel, caused by insufficient input validation. Exploitation in the wild would allow an attacker to inject HTML/...

5.4CVSS5.9AI score0.00453EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/12/07 12:0 a.m.22 views

CVE-2023-48831

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion...

7.8AI score0.01162EPSS
Exploits2References2
CVE
CVE
added 2023/12/07 12:0 a.m.35 views

CVE-2023-48831

CVE-2023-48831 affects PHPJabbers Availability Booking Calendar version 5.0. The vulnerability is due to a lack of rate limiting in the function pjActionAJaxSend, which can be exploited over the network to exhaust server resources (resource exhaustion). Documents consistently describe this as a r...

7.5CVSS7.5AI score0.01162EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2023/12/07 12:0 a.m.41 views

CVE-2023-48207

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component...

9.2AI score0.01166EPSS
Exploits3References1
Prion
Prion
added 2023/08/04 12:15 a.m.14 views

Default credentials

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change...

7.5CVSS9.5AI score0.00746EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder