Time Slots Booking Calendar

time_slots_booking_calendar

Vendor: Phpjabbers • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-48833 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Dec 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.
CVE-2023-48828 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Dec 7, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
CVE-2023-48827 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Dec 7, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
CVE-2023-48826 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Dec 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.
CVE-2023-33564 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Aug 1, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.
CVE-2023-33563 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Aug 1, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
CVE-2023-33562 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Aug 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, e...Show more User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.Show less
CVE-2023-33561 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Aug 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.
CVE-2023-33560 1Phpjabbers 1Time Slots Booking Calendar Nov 21, 2024 Aug 1, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.