Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.
Max CVSS
7.5
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-12-07
Updated
2023-12-09
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-12-07
Updated
2023-12-09
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-11
A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.
Max CVSS
5.4
EPSS Score
0.06%
Published
2023-12-07
Updated
2023-12-09
Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-09-21
Updated
2023-09-22
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-10-12
Updated
2023-10-18
phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-08-30
Updated
2023-09-05
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
Max CVSS
6.1
EPSS Score
0.09%
Published
2023-08-30
Updated
2023-08-31
phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.
Max CVSS
6.1
EPSS Score
0.05%
Published
2023-08-30
Updated
2023-08-31
User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-28
Updated
2023-08-29
User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-28
Updated
2023-08-29
90 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!