5 matches found
CVE-2023-4111
PHP Jabbers Bus Reservation System 1.1 has a cross-site scripting vulnerability in /index.php via the pickup_id (and related index parameter) that can be exploited remotely. Multiple connected sources identify the issue as RXSS/REFLECTED XSS in the index.php endpoint, affecting the file’s handlin...
CVE-2023-51316
CVE-2023-51316 affects PHPJabbers Bus Reservation System v1.1, with no rate limiting in the Forgot Password/Email flow. This allows an attacker to trigger a flood of email messages for a legitimate user, meeting the criteria for a Denial of Service due to high availability impact. Multiple source...
CVE-2023-51318
CVE-2023-51318 affects PHPJabbers Bus Reservation System v1.1. The vulnerability is described as Multiple Stored Cross-Site Scripting (XSS) in the title and name parameters. Public references (e.g., PacketStorm) provide an exploit narrative showing stored XSS behavior when adding a user with craf...
CVE-2023-51319
The CVE-2023-51319 issue affects PHPJabbers Bus Reservation System v1.1. The vulnerability arises from insufficient input validation in the Languages section (Labels) within System Options, which is used to construct CSV files. This CSV injection can be triggered when exporting data, enabling an ...
CVE-2023-53877
CVE-2023-53877 affects Bus Reservation System 1.1. The vulnerability is a SQL injection in the pickup_id parameter, enabling attackers to manipulate database queries. Techniques cited: boolean-based , error-based , and time-based blind SQL injection to steal information from the database. Practic...