VYPR

Vendor CVEs

Phpjabbers

All CVEs

107 total · sorted by risk
  • CVE-2024-57429Feb 6, 2025
    risk 0.00cvss epss 0.00

    A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.

  • CVE-2024-57428Feb 6, 2025
    risk 0.00cvss epss 0.01

    A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript,…

  • CVE-2024-57427Feb 6, 2025
    risk 0.00cvss epss 0.00

    PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct…

  • CVE-2023-48838Dec 7, 2023
    risk 0.00cvss epss 0.00

    Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.

  • CVE-2023-48839Dec 7, 2023
    risk 0.00cvss epss 0.00

    Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

  • CVE-2023-48172Dec 7, 2023
    risk 0.00cvss epss 0.01

    A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.

  • CVE-2023-48830Dec 7, 2023
    risk 0.00cvss epss 0.01

    Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.

  • CVE-2023-48826Dec 7, 2023
    risk 0.00cvss epss 0.01

    Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.

  • CVE-2023-48840Dec 7, 2023
    risk 0.00cvss epss 0.01

    A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.

  • CVE-2023-48833Dec 7, 2023
    risk 0.00cvss epss 0.01

    A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.

  • CVE-2023-48841Dec 7, 2023
    risk 0.00cvss epss 0.01

    Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

  • CVE-2023-48828Dec 7, 2023
    risk 0.00cvss epss 0.00

    Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

  • CVE-2023-43147Oct 12, 2023
    risk 0.00cvss epss 0.00

    PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.

  • CVE-2023-36127Oct 10, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-36126Oct 10, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0

  • CVE-2023-36140Sep 11, 2023
    risk 0.00cvss epss 0.00

    In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.

  • CVE-2023-40752Aug 28, 2023
    risk 0.00cvss epss 0.01

    There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.

  • CVE-2023-40765Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40753Aug 28, 2023
    risk 0.00cvss epss 0.01

    There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.

  • CVE-2023-40751Aug 28, 2023
    risk 0.00cvss epss 0.01

    PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php.

  • CVE-2023-40758Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40761Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40763Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40766Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40750Aug 28, 2023
    risk 0.00cvss epss 0.01

    There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.

  • CVE-2023-40759Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40767Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40755Aug 28, 2023
    risk 0.00cvss epss 0.01

    There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.

  • CVE-2023-40762Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40757Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-40756Aug 28, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-36311Aug 10, 2023
    risk 0.00cvss epss 0.01

    There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.

  • CVE-2023-36310Aug 10, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.

  • CVE-2023-36313Aug 10, 2023
    risk 0.00cvss epss 0.00

    PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".

  • CVE-2023-39776Aug 10, 2023
    risk 0.00cvss epss 0.01

    A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2023-38830Aug 10, 2023
    risk 0.00cvss epss 0.01

    An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.

  • CVE-2023-36314Aug 10, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.

  • CVE-2023-36312Aug 10, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.

  • CVE-2023-36315Aug 10, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.

  • CVE-2023-36309Aug 10, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0.

  • CVE-2023-36141Aug 3, 2023
    risk 0.00cvss epss 0.00

    User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-36138Aug 3, 2023
    risk 0.00cvss epss 0.00

    PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.

  • CVE-2023-36139Aug 3, 2023
    risk 0.00cvss epss 0.00

    In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

  • CVE-2023-33561Aug 1, 2023
    risk 0.00cvss epss 0.01

    Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.

  • CVE-2023-33560Aug 1, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.

  • CVE-2023-33562Aug 1, 2023
    risk 0.00cvss epss 0.01

    User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

  • CVE-2023-33563Aug 1, 2023
    risk 0.00cvss epss 0.01

    In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

  • CVE-2023-34869Aug 1, 2023
    risk 0.00cvss epss 0.00

    PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot.

  • CVE-2023-33564Aug 1, 2023
    risk 0.00cvss epss 0.00

    There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.

  • CVE-2023-3558Jul 8, 2023
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. Affected is an unknown function of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible…