5 matches found
CVE-2023-36309
CVE-2023-36309 affects PHPJabbers Document Creator v1.0, with a Cross-Site Scripting (XSS) flaw in the action parameter of index.php. The issue is documented across multiple sources (NVD, Red Hat, CVE lists) with the vulnerability described as XSS in the action parameter, but concrete exploit det...
CVE-2023-36310
Summary (CVE-2023-36310): A cross-site scripting (XSS) vulnerability exists in PHPJabbers Document Creator v1.0, specifically in the column parameter of index.php. The root cause is unvalidated input in the column parameter leading to script execution. The NVD entry rates it as CVSS v3.1 base sco...
CVE-2023-36311
CVE-2023-36311: SQL injection in the PHPJabbers Document Creator v1.0, triggered by the column parameter of index.php. Affects PHPJabbers Document Creator; root cause is unsafely handled SQL in the column param. Documented references indicate high risk (NVD/Red Hat entries) with no explicit explo...
CVE-2023-40758
CVE-2023-40758 affects PHPJabbers Document Creator v1.0. The issue is a user-enumeration vulnerability during the password-recovery process caused by differing response messages that let an attacker determine whether a given username exists, enabling targeted brute-forcing with valid users. The a...
CVE-2023-36313
PHPJabbers Document Creator v1.0 is reported vulnerable to Cross Site Scripting (XSS) via all post parameters of the Export Requests action, excluding request_feed. Affected component is the Document Creator’s web interface handling export requests; root cause is unvalidated/unsanitized input in ...