Time Slots Booking Calendar Security Vulnerabilities - 2023
There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
6.1CVSS
6AI Score
0.001EPSS
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.
9.8CVSS
9.5AI Score
0.002EPSS
User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
9.8CVSS
9.3AI Score
0.002EPSS
In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
8.8CVSS
8.7AI Score
0.002EPSS
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
6.1CVSS
6AI Score
0.001EPSS
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
8.8CVSS
8.7AI Score
0.001EPSS
Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
5.4CVSS
5.7AI Score
0.0004EPSS
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
5.4CVSS
5.2AI Score
0.0004EPSS
A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.
7.5CVSS
7.4AI Score
0.001EPSS