PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.
9.8CVSS
9.6AI Score
0.002EPSS
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
9.8CVSS
9.5AI Score
0.002EPSS
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
9.8CVSS
9.4AI Score
0.002EPSS
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched rem...
6.1CVSS
6.2AI Score
0.006EPSS
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
8.8CVSS
8.9AI Score
0.001EPSS
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
6.1CVSS
6.2AI Score
0.001EPSS
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
5.4CVSS
5.9AI Score
0.0004EPSS
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.
7.5CVSS
7.5AI Score
0.001EPSS