3975 matches found
Design/Logic Flaw
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
Cross site scripting
There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...
CVE-2023-40755
There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...
CVE-2023-40755
There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...
CVE-2023-40756
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40755
CVE-2023-40755 affects PHPJabbers Callback Widget v1.0, with an XSS vulnerability in the theme parameter of preview.php. The issue allows unauthenticated attackers to inject JavaScript through theme, potentially stealing administrator credentials or manipulating callback requests. The root cause ...
PHPJabbers Callback Widget 安全漏洞
PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A security vulnerability exists in version v1.0 of the PHPJabbers Callback Widget that stems from a user enumeration vulnerability when resetting a password...
PHPJabbers Callback Widget 跨站脚本漏洞
PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A security vulnerability exists in PHPJabbers Callback Widget that stems from a cross-site scripting vulnerability in the theme parameter of preview.php...
PT-2023-27620 · Phpjabbers · Phpjabbers Callback Widget
Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0 Description: There is a Cross Site Scripting XSS vulnerability in the theme parameter of the "preview.php" file. This issue allows for malicious script execution. Recommendations: For PHPJabbers Callback...
CVE-2023-40756
PHPJabbers Callback Widget v1.0 is affected by a user-enumeration vulnerability during password recovery, where differing response messages may reveal whether a user exists, enabling brute-force attempts with valid accounts. The NVD lists CVSS 3.1 base score 9.8 (CRITICAL) with network attack vec...
CVE-2023-4040
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...
CVE-2023-4040
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ehcallbackhandler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order...
CVE-2023-36314
There is a Cross Site Scripting XSS vulnerability in the value-text-osmsemailrequestmessage parameters of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36312
There is a Cross Site Scripting XSS vulnerability in the value-enum-obfincludetimezone parameter of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36312
There is a Cross Site Scripting XSS vulnerability in the value-enum-obfincludetimezone parameter of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36315
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36315
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36315
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36314
There is a Cross Site Scripting XSS vulnerability in the value-text-osmsemailrequestmessage parameters of index.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36312
There is a Cross Site Scripting XSS vulnerability in the value-enum-obfincludetimezone parameter of index.php in PHPJabbers Callback Widget v1.0...