8 matches found
CVE-2023-36127
CVE-2023-36127 concerns PHPJabbers Appointment Scheduler version 3.0, where during password recovery a discrepancy in response messages can reveal whether a username exists. This user enumeration enables an attacker to identify valid accounts and potentially perform brute-force attempts against t...
CVE-2023-36126
CVE-2023-36126 affects PHPJabbers Appointment Scheduler v3.0, specifically a Cross Site Scripting (XSS) vulnerability in the theme parameter of Preview.php. The issue is described across multiple sources as an XSS in the theme parameter, but the connected documents do not provide vendor-specific ...
CVE-2023-48839
CVE-2023-48839 affects PHPJabbers Appointment Scheduler v3.0. It is a stored Cross‑Site Scripting (XSS) vulnerability exploited via multiple parameters (name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, customer_name). The issue originates from unsanitized input...
CVE-2023-48838
The CVE-2023-48838 entry concerns PHPJabbers Appointment Scheduler v3.0, with multiple HTML injection vulnerabilities triggered via the SMS API Key or Default Country Code. Root cause details indicate HTML injection (XSS) in the web interface, enabling an attacker to inject payloads through those...
CVE-2014-10010
The CVE-2014-10010 entry describes a directory traversal flaw in PHPJabbers Appointment Scheduler 2.0. The vulnerability occurs in the pjBackup controller’s pjActionDownload action, where an attacker can manipulate the id parameter (using ..) to read arbitrary files. Impact is reading sensitive f...
CVE-2014-10001
CVE-2014-10001 affects PHPJabbers Appointment Scheduler 2.0. The vulnerability set consists of CSRF flaws that enable an attacker to hijack administrator sessions for requests crafted to the application, including (1) XSS via the i18n[1][name] parameter in a pjActionCreate action targeting the pj...
CVE-2023-48840
CVE-2023-48840 affects PHPJabbers Appointment Scheduler 3.0. The issue is a lack of rate limiting in the function pjActionAjaxSend , which can lead to resource exhaustion. Public sources describe the affected software and vulnerability pattern, with public exploit details referenced by PacketStor...
CVE-2023-48841
CVE-2023-48841 affects PHPJabbers Appointment Scheduler 3.0. The vulnerability is a CSV injection in the Language > Labels > Export action, caused by insufficient input validation on the Unique ID field used to construct the CSV file. Impact is described as high (C/H/I/H/A/H) per CVSS data,...