Lucene search
K
PhpjabbersAppointment Scheduler

8 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.48 views

CVE-2023-36127

CVE-2023-36127 concerns PHPJabbers Appointment Scheduler version 3.0, where during password recovery a discrepancy in response messages can reveal whether a username exists. This user enumeration enables an attacker to identify valid accounts and potentially perform brute-force attempts against t...

7.5CVSS7.5AI score0.00593EPSS
CVE
CVE
added 2023/10/10 12:0 a.m.47 views

CVE-2023-36126

CVE-2023-36126 affects PHPJabbers Appointment Scheduler v3.0, specifically a Cross Site Scripting (XSS) vulnerability in the theme parameter of Preview.php. The issue is described across multiple sources as an XSS in the theme parameter, but the connected documents do not provide vendor-specific ...

6.1CVSS6AI score0.00378EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.45 views

CVE-2023-48839

CVE-2023-48839 affects PHPJabbers Appointment Scheduler v3.0. It is a stored Cross‑Site Scripting (XSS) vulnerability exploited via multiple parameters (name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, customer_name). The issue originates from unsanitized input...

5.4CVSS5.2AI score0.00419EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.44 views

CVE-2023-48838

The CVE-2023-48838 entry concerns PHPJabbers Appointment Scheduler v3.0, with multiple HTML injection vulnerabilities triggered via the SMS API Key or Default Country Code. Root cause details indicate HTML injection (XSS) in the web interface, enabling an attacker to inject payloads through those...

5.4CVSS5.7AI score0.00465EPSS
CVE
CVE
added 2015/01/13 11:0 a.m.42 views

CVE-2014-10010

The CVE-2014-10010 entry describes a directory traversal flaw in PHPJabbers Appointment Scheduler 2.0. The vulnerability occurs in the pjBackup controller’s pjActionDownload action, where an attacker can manipulate the id parameter (using ..) to read arbitrary files. Impact is reading sensitive f...

5CVSS6.9AI score0.07651EPSS
CVE
CVE
added 2015/01/13 11:0 a.m.41 views

CVE-2014-10001

CVE-2014-10001 affects PHPJabbers Appointment Scheduler 2.0. The vulnerability set consists of CSRF flaws that enable an attacker to hijack administrator sessions for requests crafted to the application, including (1) XSS via the i18n[1][name] parameter in a pjActionCreate action targeting the pj...

6.8CVSS6.7AI score0.02264EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.39 views

CVE-2023-48840

CVE-2023-48840 affects PHPJabbers Appointment Scheduler 3.0. The issue is a lack of rate limiting in the function pjActionAjaxSend , which can lead to resource exhaustion. Public sources describe the affected software and vulnerability pattern, with public exploit details referenced by PacketStor...

7.5CVSS7.4AI score0.01051EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.30 views

CVE-2023-48841

CVE-2023-48841 affects PHPJabbers Appointment Scheduler 3.0. The vulnerability is a CSV injection in the Language > Labels > Export action, caused by insufficient input validation on the Unique ID field used to construct the CSV file. Impact is described as high (C/H/I/H/A/H) per CVSS data,...

8.8CVSS8.6AI score0.01221EPSS