2 matches found
CVE-2023-40752
PHPJabbers Make an Offer Widget v1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the action parameter of index.php. The issue, confirmed across multiple sources, allows unauthenticated input in the action parameter to be reflected in the page, with user interaction required. This...
CVE-2023-40767
CVE-2023-40767 affects PHPJabbers Make an Offer Widget v1.0. The issue is user enumeration during password recovery: messages differ between valid and invalid usernames, enabling brute-forcing with valid users. Base CVSS 3.1: 9.8 (Network, High impact on confidentiality, integrity, availability)....