Filtered by vendor Phpjabbers
Subscribe
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33560 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-02-05 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | |||||
| CVE-2023-36133 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-02-05 | N/A | 9.8 CRITICAL |
| PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. | |||||
| CVE-2023-33562 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-02-05 | N/A | 9.8 CRITICAL |
| User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-38830 | 1 Phpjabbers | 1 Yacht Listing Script | 2024-02-05 | N/A | 7.5 HIGH |
| An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. | |||||
| CVE-2023-36135 | 1 Phpjabbers | 1 Class Scheduling System | 2024-02-05 | N/A | 7.5 HIGH |
| User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
| CVE-2023-36132 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-02-05 | N/A | 9.8 CRITICAL |
| PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-36138 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-02-05 | N/A | 6.1 MEDIUM |
| PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. | |||||
| CVE-2023-33561 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-02-05 | N/A | 9.8 CRITICAL |
| Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. | |||||
| CVE-2023-36139 | 1 Phpjabbers | 1 Cleaning Business Software | 2024-02-05 | N/A | 9.8 CRITICAL |
| In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | |||||
| CVE-2023-33564 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2024-02-05 | N/A | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | |||||
| CVE-2023-34869 | 1 Phpjabbers | 1 Catering System | 2024-02-05 | N/A | 6.1 MEDIUM |
| PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. | |||||
| CVE-2023-36136 | 1 Phpjabbers | 1 Class Scheduling System | 2024-02-05 | N/A | 6.5 MEDIUM |
| PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. | |||||
| CVE-2020-22222 | 1 Phpjabbers | 1 Fundraising Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. | |||||
| CVE-2020-22225 | 1 Phpjabbers | 1 Fundraising Script | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. | |||||
| CVE-2020-22223 | 1 Phpjabbers | 1 Fundraising Script | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function. | |||||
| CVE-2020-22226 | 1 Phpjabbers | 1 Fundraising Script | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. | |||||
| CVE-2020-22224 | 1 Phpjabbers | 1 Fundraising Script | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. | |||||
| CVE-2017-15384 | 1 Phpjabbers | 1 Rate Me | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | |||||
| CVE-2014-10014 | 1 Phpjabbers | 1 Event Booking Calendar | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller. | |||||
| CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||