PhpjabbersCVEs & Vulnerabilities

136 CVEs affecting Phpjabbers products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

cleaning business software 9time slots booking calendar 9appointment scheduler 8cinema booking system 8availability booking calendar 8fundraising script 7event booking calendar 7car rental script 6
CVE-2023-48840HIGH

A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.

7 Dec 2023
7.5
CVSS
CVE-2023-48839MEDIUM

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

7 Dec 2023
5.4
CVSS
CVE-2023-48838MEDIUM

Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.

7 Dec 2023
5.4
CVSS
CVE-2023-48837MEDIUM

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

7 Dec 2023
5.4
CVSS
CVE-2023-48836MEDIUM

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

7 Dec 2023
5.4
CVSS
CVE-2023-48835HIGH

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

7 Dec 2023
8.8
CVSS
CVE-2023-48834HIGH

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion.

7 Dec 2023
7.5
CVSS
CVE-2023-48833HIGH

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.

7 Dec 2023
7.5
CVSS
CVE-2023-48831HIGH

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.

7 Dec 2023
7.5
CVSS
CVE-2023-48830HIGH

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.

7 Dec 2023
8.8
CVSS
CVE-2023-48828MEDIUM

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

7 Dec 2023
5.4
CVSS
CVE-2023-48827MEDIUM

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.

7 Dec 2023
5.4
CVSS
CVE-2023-48826HIGH

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.

7 Dec 2023
8.8
CVSS
CVE-2023-48825MEDIUM

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

7 Dec 2023
5.4
CVSS
CVE-2023-48208MEDIUM

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.

7 Dec 2023
6.1
CVSS
CVE-2023-48207HIGH

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.

7 Dec 2023
8.8
CVSS
CVE-2023-48172MEDIUM

A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php.

7 Dec 2023
5.4
CVSS
CVE-2023-43147HIGH

PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.

12 Oct 2023
8.8
CVSS
CVE-2023-36127HIGH

User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

11 Oct 2023
7.5
CVSS
CVE-2023-36126MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0

11 Oct 2023
6.1
CVSS
CVE-2023-43274HIGH

Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.

21 Sep 2023
7.5
CVSS
CVE-2023-36140CRITICAL

In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.

11 Sep 2023
9.8
CVSS
CVE-2023-41539HIGH

phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.

30 Aug 2023
7.5
CVSS
CVE-2023-41538MEDIUM

phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.

30 Aug 2023
6.1
CVSS
CVE-2023-41537MEDIUM

phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.

30 Aug 2023
6.1
CVSS
CVE-2023-40767CRITICAL

User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40766CRITICAL

User enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40765CRITICAL

User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40764CRITICAL

User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40763CRITICAL

User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40762CRITICAL

User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40761CRITICAL

User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40760CRITICAL

User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40759CRITICAL

User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40758CRITICAL

User enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40757CRITICAL

User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40756CRITICAL

User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

28 Aug 2023
9.8
CVSS
CVE-2023-40755MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.

28 Aug 2023
6.1
CVSS
CVE-2023-40754HIGH

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

28 Aug 2023
8.8
CVSS
CVE-2023-40753MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.

28 Aug 2023
5.4
CVSS
CVE-2023-40752MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.

28 Aug 2023
6.1
CVSS
CVE-2023-40751MEDIUM

PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php.

28 Aug 2023
6.1
CVSS
CVE-2023-40750MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.

28 Aug 2023
6.1
CVSS
CVE-2023-40749CRITICAL

PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.

28 Aug 2023
9.8
CVSS
CVE-2023-36315MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.

10 Aug 2023
6.1
CVSS
CVE-2023-36314MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.

10 Aug 2023
6.1
CVSS
CVE-2023-36313MEDIUM

PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".

10 Aug 2023
6.1
CVSS
CVE-2023-36312MEDIUM

There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.

10 Aug 2023
5.4
CVSS