GCVE - cpe:2.3:a:janobe:janobe_paypal:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:janobe:janobe_paypal:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Janobe (`958e97e2-37fb-58eb-baa2-792f3e424acf`)
Product	Janobe Paypal (`ce59b669-6ab4-56c9-a814-73636b68e3e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-33981`	vulnerable	2026-06-03 14:55:53.303684	Cross-site Scripting in Janobe products HIGH (7.1) Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/index.php'. Published: 2024-08-06T11:06:40.992Z Updated: 2024-08-07T18:47:13.010Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33980`	vulnerable	2026-06-03 14:55:53.302914	Cross-site Scripting in Janobe products HIGH (7.1) Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'. Published: 2024-08-06T11:05:42.363Z Updated: 2024-08-08T14:38:43.038Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33979`	vulnerable	2026-06-03 14:55:53.293243	Cross-site Scripting in Janobe products HIGH (7.1) Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'. Published: 2024-08-06T11:04:43.408Z Updated: 2024-08-07T20:41:38.959Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33966`	vulnerable	2026-06-03 14:55:53.277209	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter. Published: 2024-08-06T11:21:21.534Z Updated: 2024-08-08T15:49:30.098Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33965`	vulnerable	2026-06-03 14:55:53.276549	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter. Published: 2024-08-06T11:20:53.115Z Updated: 2024-08-06T15:29:34.390Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33964`	vulnerable	2026-06-03 14:55:53.275766	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter. Published: 2024-08-06T11:20:18.453Z Updated: 2024-08-06T13:49:35.848Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33963`	vulnerable	2026-06-03 14:55:53.274965	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter. Published: 2024-08-06T11:19:43.629Z Updated: 2024-08-06T13:26:37.483Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33962`	vulnerable	2026-06-03 14:55:53.274389	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter. Published: 2024-08-06T11:19:05.216Z Updated: 2024-08-06T18:44:02.442Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33961`	vulnerable	2026-06-03 14:55:53.273509	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter. Published: 2024-08-06T11:18:02.453Z Updated: 2024-08-07T18:35:39.554Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33960`	vulnerable	2026-06-03 14:55:53.271053	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter. Published: 2024-08-06T11:17:25.814Z Updated: 2024-08-06T13:48:39.835Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33959`	vulnerable	2026-06-03 14:55:53.265928	SQL injection in Janobe products CRITICAL (9.8) SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter. Published: 2024-08-06T11:12:58.443Z Updated: 2024-08-06T13:28:46.113Z Open on db.gcve.eu Reference links https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.