CVE-2023-40755

CVE-2023-40755 affects PHPJabbers Callback Widget v1.0, with an XSS vulnerability in the theme parameter of preview.php. The issue allows unauthenticated attackers to inject JavaScript through theme, potentially stealing administrator credentials or manipulating callback requests. The root cause ...

CVE-2023-36314

CVE-2023-36314 describes a Cross Site Scripting (XSS) vulnerability in PHPJabbers Callback Widget v1.0, specifically in the value-text-o_sms_email_request_message parameter of index.php. Connected documents confirm the affected product and vulnerable parameter. No exploitation details are provide...

CVE-2023-36312

PHPJabbers Callback Widget v1.0 contains a Cross-Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php. The root cause is improper handling of user-controlled input in this parameter, enabling script execution in the browser. The issue is identified acr...

CVE-2023-36315

The CVE CVE-2023-36315 affects PHPJabbers Callback Widget v1.0, specifically an XSS in the action parameter of index.php. Root cause: improper handling of input in the action parameter leading to cross-site scripting. Impact is described as XSS; exploitation status is not provided in the document...

CVE-2023-40756

PHPJabbers Callback Widget v1.0 is affected by a user-enumeration vulnerability during password recovery, where differing response messages may reveal whether a user exists, enabling brute-force attempts with valid accounts. The NVD lists CVSS 3.1 base score 9.8 (CRITICAL) with network attack vec...