Phpjabbers : Security Vulnerabilities, CVEs,
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-11
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.
Max CVSS
5.4
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-09-21
Updated
2023-09-22
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-10-12
Updated
2023-10-18
phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-08-30
Updated
2023-09-05
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
Max CVSS
6.1
EPSS Score
0.09%
Published
2023-08-30
Updated
2023-08-31
phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-08-30
Updated
2023-08-31
User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-28
Updated
2023-08-29
User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-28
Updated
2023-08-29