8 matches found
CVE-2023-4110
CVE-2023-4110 affects PHPJabbers Availability Booking Calendar 5.0. The vulnerability is a cross-site scripting flaw in unspecified functionality of /index.php, triggered by manipulating the session_id parameter. The Nuclei template confirms unauthenticated, remote exploitation that can...
CVE-2023-36131
CVE-2023-36131 affects PHPJabbers Availability Booking Calendar 5.0. The issue is Incorrect Access Control due to improper input validation of the password parameter, enabling unauthorized access. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8). Exploitation likely over t...
CVE-2023-48207
CVE-2023-48207 affects PHPJabbers Availability Booking Calendar version 5.0. The vulnerability arises from insufficient input validation in the unique ID field used to build CSV exports from the Reservations list component, enabling CSV injection. Public sources describe potential remote code exe...
CVE-2023-48825
CVE-2023-48825 affects PHPJabbers Availability Booking Calendar 5.0. The issue is multiple HTML (XSS) injections via the SMS API Key and Default Country Code fields in the SMS Settings panel, caused by insufficient input validation. Exploitation in the wild would allow an attacker to inject HTML/...
CVE-2023-36132
CVE-2023-36132 affects PHPJabbers Availability Booking Calendar 5.0; the underlying issue is Incorrect Access Control. The available connected sources collectively identify the affected software (Availability Booking Calendar 5.0) and the root cause as improper access control, with...
CVE-2023-36133
CVE-2023-36133 affects PHPJabbers Availability Booking Calendar 5.0. Descriptions across sources consistently flag a User Account Takeover via username/password changes, with CVSS v3.1 metrics indicating network access, low attack complexity, no privileges required, and high confidentiality, inte...
CVE-2023-48831
CVE-2023-48831 affects PHPJabbers Availability Booking Calendar version 5.0. The vulnerability is due to a lack of rate limiting in the function pjActionAJaxSend, which can be exploited over the network to exhaust server resources (resource exhaustion). Documents consistently describe this as a r...
CVE-2023-48208
CVE-2023-48208 concerns PHPJabbers Availability Booking Calendar v5.0. A stored cross-site scripting vulnerability exists in index.php that allows injecting JavaScript via the following parameters: name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name. This is the concre...