PHPJabbers Availability Booking Calendar 5.0
Approved changes feed: RSS · Atom
cpe:2.3:a:phpjabbers:availability_booking_calendar:5.0:*:*:*:*:*:*:*
part: a version: 5.0 update: *
| Vendor | Phpjabbers (2f919538-31c8-5cbb-b18c-c6079deaeb0d) |
|---|---|
| Product | Availability Booking Calendar (19a5d39d-4c21-5862-8a89-c9ba5d04b76a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-4110 |
vulnerable | 2026-06-03 14:53:27.302643 |
PHP Jabbers Availability Booking Calendar index.php cross site scripting
LOW (3.5)
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2023-08-03T02:31:03.086Z
Updated: 2024-10-10T20:24:43.497Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48831 |
vulnerable | 2026-06-03 14:53:19.920196 |
Details available
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.
Published: 2023-12-07T00:00:00.000Z
Updated: 2024-10-09T15:14:42.574Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48825 |
vulnerable | 2026-06-03 14:53:19.917477 |
Details available
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
Published: 2023-12-07T00:00:00.000Z
Updated: 2024-08-02T21:46:28.258Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48208 |
vulnerable | 2026-06-03 14:53:18.545188 |
Details available
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
Published: 2023-12-07T00:00:00.000Z
Updated: 2024-11-26T15:38:44.644Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48207 |
vulnerable | 2026-06-03 14:53:18.544799 |
Details available
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
Published: 2023-12-07T00:00:00.000Z
Updated: 2024-08-02T21:23:39.103Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36133 |
vulnerable | 2026-06-03 14:52:19.653175 |
Details available
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
Published: 2023-08-03T00:00:00.000Z
Updated: 2024-10-17T19:40:11.924Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36132 |
vulnerable | 2026-06-03 14:52:19.652837 |
Details available
PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.
Published: 2023-08-03T00:00:00.000Z
Updated: 2024-10-17T18:01:14.399Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36131 |
vulnerable | 2026-06-03 14:52:19.652455 |
Details available
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.
Published: 2023-08-03T00:00:00.000Z
Updated: 2024-10-17T18:17:21.472Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.