Filtered by vendor Phpjabbers
Subscribe
Total
90 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33561 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2023-12-10 | N/A | 9.8 CRITICAL |
Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. | |||||
CVE-2023-36141 | 1 Phpjabbers | 1 Cleaning Business Software | 2023-12-10 | N/A | 5.3 MEDIUM |
User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
CVE-2023-38830 | 1 Phpjabbers | 1 Yacht Listing Script | 2023-12-10 | N/A | 7.5 HIGH |
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. | |||||
CVE-2023-41538 | 1 Phpjabbers | 1 Php Forum Script | 2023-12-10 | N/A | 6.1 MEDIUM |
phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter. | |||||
CVE-2023-43147 | 1 Phpjabbers | 1 Limo Booking Software | 2023-12-10 | N/A | 8.8 HIGH |
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. | |||||
CVE-2023-36140 | 1 Phpjabbers | 1 Cleaning Business Software | 2023-12-10 | N/A | 9.8 CRITICAL |
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | |||||
CVE-2023-33562 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2023-12-10 | N/A | 9.8 CRITICAL |
User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
CVE-2023-40751 | 1 Phpjabbers | 1 Fundraising Script | 2023-12-10 | N/A | 6.1 MEDIUM |
PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php. | |||||
CVE-2023-36315 | 1 Phpjabbers | 1 Callback Widget | 2023-12-10 | N/A | 6.1 MEDIUM |
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. | |||||
CVE-2023-40764 | 1 Phpjabbers | 1 Car Rental Script | 2023-12-10 | N/A | 9.8 CRITICAL |
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
CVE-2023-36136 | 1 Phpjabbers | 1 Class Scheduling System | 2023-12-10 | N/A | 6.5 MEDIUM |
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. | |||||
CVE-2023-36313 | 1 Phpjabbers | 1 Document Creator | 2023-12-10 | N/A | 6.1 MEDIUM |
PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". | |||||
CVE-2023-33564 | 1 Phpjabbers | 1 Time Slots Booking Calendar | 2023-12-10 | N/A | 6.1 MEDIUM |
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | |||||
CVE-2023-40759 | 1 Phpjabbers | 1 Restaurant Booking Script | 2023-12-10 | N/A | 9.8 CRITICAL |
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
CVE-2023-40750 | 1 Phpjabbers | 1 Yacht Listing Script | 2023-12-10 | N/A | 6.1 MEDIUM |
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. | |||||
CVE-2023-43274 | 1 Phpjabbers | 1 Php Shopping Cart | 2023-12-10 | N/A | 7.5 HIGH |
Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | |||||
CVE-2023-36138 | 1 Phpjabbers | 1 Cleaning Business Software | 2023-12-10 | N/A | 6.1 MEDIUM |
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. | |||||
CVE-2023-40766 | 1 Phpjabbers | 1 Ticket Support Script | 2023-12-10 | N/A | 9.8 CRITICAL |
User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | |||||
CVE-2023-36309 | 1 Phpjabbers | 1 Document Creator | 2023-12-10 | N/A | 6.1 MEDIUM |
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. | |||||
CVE-2023-40753 | 1 Phpjabbers | 1 Ticket Support Script | 2023-12-10 | N/A | 5.4 MEDIUM |
There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. |