9 matches found
CVE-2023-33564
CVE-2023-33564 describes a Cross Site Scripting (XSS) vulnerability in the PHPJabbers Time Slots Booking Calendar v3.3, specifically in the theme parameter of preview.php. The issue is documented across multiple sources (NVD, Red Hat, CVE listing, and vendor/third-party pages). The vulnerability ...
CVE-2023-33561
CVE-2023-33561 affects PHP Jabbers Time Slots Booking Calendar, version 3.3. The root cause is improper input validation of the password parameter, which leads to insecure passwords. Documented references consistently describe this vulnerable password handling, with no public details on a vendor ...
CVE-2023-33562
CVE-2023-33562 concerns PHP Jabbers Time Slots Booking Calendar v3.3. The issue is a user-enumeration flaw occurring during the password-recovery flow, where messages differ between valid and invalid usernames, enabling an attacker to determine valid users and potentially perform a brute-force lo...
CVE-2023-48833
Summary: CVE-2023-48833 affects Time Slots Booking Calendar (v4.0). The vulnerability is a lack of rate limiting in the function pjActionAJaxSend , which can be abused to cause resource exhaustion. The issue is documented with a base score of 7.5 (HIGH) on CVSS 3.1, with network attack vector and...
CVE-2023-33560
CVE-2023-33560: There is a Cross Site Scripting (XSS) vulnerability in the cid parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Affects the vulnerable component and function, enabling client-side script execution due to unsanitized input in cid. Public sources consistently...
CVE-2023-33563
CVE-2023-33563 affects PHP Jabbers Time Slots Booking Calendar 3.3. The vulnerability is a lack of verification when changing an email address and/or password on the Profile Page, which can enable remote attackers to take over accounts. The issue is documented across multiple feeds as an authoriz...
CVE-2023-48826
Time Slots Booking Calendar 4.0 (PHPJabbers) is vulnerable to CSV injection via the unique ID field in the Reservations List. The root cause is insufficient input validation when exporting to CSV, enabling crafted ID values to inject CSV content. The vulnerability can lead to high-impact outcomes...
CVE-2023-48827
CVE-2023-48827 affects PHPJabbers Time Slots Booking Calendar 4.0. The vulnerability is an HTML injection (XSS) flaw caused by insufficient sanitization in multiple parameters (name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, customer_name). Impact is web-page ...
CVE-2023-48828
CVE-2023-48828 affects Time Slots Booking Calendar 4.0. The vulnerability is a stored cross-site scripting (XSS) flaw exploitable via multiple parameters: name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, and customer_name. Public sources (PacketStorm) document ...