Cross Site Scripting Vulnerability in PHPJabbers Class Scheduling System
CVE-2023-36137

6.1MEDIUM

Key Information:

Vendor

PHPjabbers

Status
Class Scheduling System
Vendor
CVE Published:
4 August 2023

What is CVE-2023-36137?

A security issue exists in the PHPJabbers Class Scheduling System version 1.0, where the 'theme' parameter of preview.php is susceptible to Cross Site Scripting (XSS). This vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, potentially compromising sensitive information or performing unauthorized actions.

References

https://www.phpjabbers.com/class-scheduling-system
https://medium.com/%40bcksec/multiple-vulnerabilities-in-...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.