GCVE - cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:phpjabbers:appointment_scheduler:3.0:*:*:*:*:*:*:*

part: a version: 3.0 update: *

Vendor	Phpjabbers (`2f919538-31c8-5cbb-b18c-c6079deaeb0d`)
Product	Appointment Scheduler (`9a859eff-b206-5eaf-b48f-0b3d44a4ea9a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-48841`	vulnerable	2026-06-03 14:53:19.925967	Details available Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Published: 2023-12-07T00:00:00.000Z Updated: 2024-10-09T15:05:11.826Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/appointment-scheduler/ http://packetstormsecurity.com/files/176058	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48840`	vulnerable	2026-06-03 14:53:19.925626	Details available A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T21:46:28.298Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/appointment-scheduler/ http://packetstormsecurity.com/files/176056	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48839`	vulnerable	2026-06-03 14:53:19.925364	Details available Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T21:46:28.901Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/appointment-scheduler/ http://packetstormsecurity.com/files/176055	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48838`	vulnerable	2026-06-03 14:53:19.925011	Details available Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T21:46:28.330Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/appointment-scheduler/ http://packetstormsecurity.com/files/176054	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36127`	vulnerable	2026-06-03 14:52:19.650972	Details available User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. Published: 2023-10-10T00:00:00.000Z Updated: 2024-09-19T15:00:04.301Z Open on db.gcve.eu Reference links https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36126`	vulnerable	2026-06-03 14:52:19.650587	Details available There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 Published: 2023-10-10T00:00:00.000Z Updated: 2024-09-19T13:59:57.670Z Open on db.gcve.eu Reference links https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

PHPJabbers Appointment Scheduler 3.0

PURL mappings

Vulnerability references

Contribute