GCVE - cpe:2.3:a:phpjabbers:callback_widget:1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:phpjabbers:callback_widget:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Phpjabbers (`2f919538-31c8-5cbb-b18c-c6079deaeb0d`)
Product	Callback Widget (`618d5efb-4fbd-5bbc-8ad1-22b71804eede`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-40756`	vulnerable	2026-06-03 14:52:50.626901	Details available User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. Published: 2023-08-28T00:00:00.000Z Updated: 2024-10-02T15:43:34.190Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/callback-widget/ https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40755`	vulnerable	2026-06-03 14:52:50.626533	Details available There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. Published: 2023-08-28T00:00:00.000Z Updated: 2024-10-02T15:47:09.670Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/callback-widget/ https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36315`	vulnerable	2026-06-03 14:52:19.778755	Details available There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. Published: 2023-08-10T00:00:00.000Z Updated: 2024-10-09T20:38:41.831Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/callback-widget https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36314`	vulnerable	2026-06-03 14:52:19.778488	Details available There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. Published: 2023-08-10T00:00:00.000Z Updated: 2024-10-09T20:15:43.091Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/callback-widget https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36312`	vulnerable	2026-06-03 14:52:19.777821	Details available There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. Published: 2023-08-10T00:00:00.000Z Updated: 2024-10-09T20:22:14.904Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/callback-widget/ https://medium.com/%40milfortutz/multiple-vulnerabilities-in-phpjabbers-part-1-6703becb4cd4	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.