phpjabbers availability_booking_calendar CVE Vulnerabilities (8)

CVEs: 8 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting phpjabbers availability_booking_calendar (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 18 of 8 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-48831 A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. [email protected] 7.5 1.16% 2023-12-07 2026-06-17
CVE-2023-48825 Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. [email protected] 5.4 0.45% 2023-12-07 2026-06-17
CVE-2023-48208 A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. [email protected] 6.1 0.50% 2023-12-07 2026-06-17
CVE-2023-48207 Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. [email protected] 8.8 1.17% 2023-12-07 2026-06-17
CVE-2023-36133 PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. [email protected] 9.8 0.75% 2023-08-03 2026-06-17
CVE-2023-36132 PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. [email protected] 9.8 0.75% 2023-08-03 2026-06-17
CVE-2023-36131 PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. [email protected] 9.8 0.75% 2023-08-03 2026-06-17
CVE-2023-4110 A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 3.5 1.77% 2023-08-02 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence