4 matches found
CVE-2023-36136
The CVE affects PHPJabbers Class Scheduling System 1.0. The issue is that password handling on the update user page lacks encryption, allowing an attacker to capture all usernames and passwords in clear text. This directly impacts confidentiality and enables credential exposure without requiring ...
CVE-2023-36137
CVE-2023-36137 affects PHPJabbers Class Scheduling System v1.0. The vulnerability is a Cross Site Scripting (XSS) in the theme parameter of preview.php. Root cause: untrusted input in the theme parameter can be reflected in the page, enabling script execution. According to the CVSS data, the impa...
CVE-2023-36135
The CVE-2023-36135 issue affects PHPJabbers Class Scheduling System v1.0. During password recovery, a difference in responses between valid and invalid usernames enables user enumeration, which can facilitate brute-forcing existing accounts. The NVD entry and related sources confirm the affected ...
CVE-2023-36134
CVE-2023-36134 affects PHP Jabbers Class Scheduling System 1.0. The issue is a lack of verification when changing an email address and/or password on the Profile Page, enabling remote attackers to take over accounts. No exploit vectors or affected versions beyond 1.0 are specified in the provided...