Lucene search
+L
PhpjabbersBus Reservation System

5 matches found

CVE
CVE
added 2023/08/03 4:0 a.m.95 views

CVE-2023-4111

PHP Jabbers Bus Reservation System 1.1 has a cross-site scripting vulnerability in /index.php via the pickup_id (and related index parameter) that can be exploited remotely. Multiple connected sources identify the issue as RXSS/REFLECTED XSS in the index.php endpoint, affecting the file’s handlin...

6.1CVSS5AI score0.02499EPSS
Web
CVE
CVE
added 2025/02/20 12:0 a.m.54 views

CVE-2023-51316

CVE-2023-51316 affects PHPJabbers Bus Reservation System v1.1, with no rate limiting in the Forgot Password/Email flow. This allows an attacker to trigger a flood of email messages for a legitimate user, meeting the criteria for a Denial of Service due to high availability impact. Multiple source...

7.5CVSS7.4AI score0.00679EPSS
CVE
CVE
added 2025/02/20 12:0 a.m.54 views

CVE-2023-51318

CVE-2023-51318 affects PHPJabbers Bus Reservation System v1.1. The vulnerability is described as Multiple Stored Cross-Site Scripting (XSS) in the title and name parameters. Public references (e.g., PacketStorm) provide an exploit narrative showing stored XSS behavior when adding a user with craf...

5.4CVSS5.2AI score0.00322EPSS
CVE
CVE
added 2025/02/20 12:0 a.m.54 views

CVE-2023-51319

The CVE-2023-51319 issue affects PHPJabbers Bus Reservation System v1.1. The vulnerability arises from insufficient input validation in the Languages section (Labels) within System Options, which is used to construct CSV files. This CSV injection can be triggered when exporting data, enabling an ...

8.8CVSS8.8AI score0.00635EPSS
CVE
CVE
added 2025/12/15 8:28 p.m.15 views

CVE-2023-53877

CVE-2023-53877 affects Bus Reservation System 1.1. The vulnerability is a SQL injection in the pickup_id parameter, enabling attackers to manipulate database queries. Techniques cited: boolean-based , error-based , and time-based blind SQL injection to steal information from the database. Practic...

9.8CVSS7.3AI score0.00392EPSS