Lucene search
+L
PhpjabbersTime Slots Booking Calendar

9 matches found

CVE
CVE
added 2023/08/01 12:0 a.m.56 views

CVE-2023-33564

CVE-2023-33564 describes a Cross Site Scripting (XSS) vulnerability in the PHPJabbers Time Slots Booking Calendar v3.3, specifically in the theme parameter of preview.php. The issue is documented across multiple sources (NVD, Red Hat, CVE listing, and vendor/third-party pages). The vulnerability ...

6.1CVSS6AI score0.00434EPSS
CVE
CVE
added 2023/08/01 12:0 a.m.50 views

CVE-2023-33561

CVE-2023-33561 affects PHP Jabbers Time Slots Booking Calendar, version 3.3. The root cause is improper input validation of the password parameter, which leads to insecure passwords. Documented references consistently describe this vulnerable password handling, with no public details on a vendor ...

9.8CVSS9.5AI score0.00825EPSS
CVE
CVE
added 2023/08/01 12:0 a.m.46 views

CVE-2023-33562

CVE-2023-33562 concerns PHP Jabbers Time Slots Booking Calendar v3.3. The issue is a user-enumeration flaw occurring during the password-recovery flow, where messages differ between valid and invalid usernames, enabling an attacker to determine valid users and potentially perform a brute-force lo...

9.8CVSS9.3AI score0.0064EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.46 views

CVE-2023-48833

Summary: CVE-2023-48833 affects Time Slots Booking Calendar (v4.0). The vulnerability is a lack of rate limiting in the function pjActionAJaxSend , which can be abused to cause resource exhaustion. The issue is documented with a base score of 7.5 (HIGH) on CVSS 3.1, with network attack vector and...

7.5CVSS7.4AI score0.01051EPSS
CVE
CVE
added 2023/08/01 12:0 a.m.42 views

CVE-2023-33560

CVE-2023-33560: There is a Cross Site Scripting (XSS) vulnerability in the cid parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Affects the vulnerable component and function, enabling client-side script execution due to unsanitized input in cid. Public sources consistently...

6.1CVSS6AI score0.00434EPSS
CVE
CVE
added 2023/08/01 12:0 a.m.41 views

CVE-2023-33563

CVE-2023-33563 affects PHP Jabbers Time Slots Booking Calendar 3.3. The vulnerability is a lack of verification when changing an email address and/or password on the Profile Page, which can enable remote attackers to take over accounts. The issue is documented across multiple feeds as an authoriz...

8.8CVSS8.7AI score0.00564EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.40 views

CVE-2023-48826

Time Slots Booking Calendar 4.0 (PHPJabbers) is vulnerable to CSV injection via the unique ID field in the Reservations List. The root cause is insufficient input validation when exporting to CSV, enabling crafted ID values to inject CSV content. The vulnerability can lead to high-impact outcomes...

8.8CVSS8.7AI score0.01201EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.39 views

CVE-2023-48827

CVE-2023-48827 affects PHPJabbers Time Slots Booking Calendar 4.0. The vulnerability is an HTML injection (XSS) flaw caused by insufficient sanitization in multiple parameters (name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, customer_name). Impact is web-page ...

5.4CVSS5.7AI score0.00465EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.38 views

CVE-2023-48828

CVE-2023-48828 affects Time Slots Booking Calendar 4.0. The vulnerability is a stored cross-site scripting (XSS) flaw exploitable via multiple parameters: name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, and customer_name. Public sources (PacketStorm) document ...

5.4CVSS5.2AI score0.00465EPSS