CVE-2020-35416

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
Configurations

Configuration 1 (hide)

cpe:2.3:a:onlineonly:phpjabbers_appointment_scheduler:2.3:*:*:*:*:*:*:*

History

06 Aug 2022, 03:54

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/160600/PHPJabbers-Appointment-Scheduler-2.3-Cross-Site-Scripting.html - Exploit, Third Party Advisory (MISC) http://packetstormsecurity.com/files/160600/PHPJabbers-Appointment-Scheduler-2.3-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://www.exploit-db.com/exploits/49281 - (MISC) https://www.exploit-db.com/exploits/49281 - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:stivasoft:phpjabbers_appointment_scheduler:2.3:*:*:*:*:*:*:* cpe:2.3:a:onlineonly:phpjabbers_appointment_scheduler:2.3:*:*:*:*:*:*:*
First Time Onlineonly phpjabbers Appointment Scheduler
Onlineonly

Information

Published : 2020-12-15 21:15

Updated : 2022-08-06 03:54


NVD link : CVE-2020-35416

Mitre link : CVE-2020-35416


JSON object : View

Products Affected

onlineonly

  • phpjabbers_appointment_scheduler
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')