Multiple HTML Injection Vulnerabilities in Time Slots Booking Calendar by PHPJabbers
CVE-2023-48827

5.4MEDIUM

Key Information:

Vendor: PHPjabbers
Status: Time Slots Booking Calendar
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-48827?

The Time Slots Booking Calendar version 4.0 developed by PHPJabbers is susceptible to multiple HTML injection vulnerabilities. These vulnerabilities can be exploited through several parameters including name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name. Attackers can leverage this flaw to inject malicious HTML content, potentially compromising the integrity of the application by manipulating the displayed content or carrying out web-based attacks. It is imperative for users to apply appropriate patches and validate incoming data to mitigate these security risks.

References

https://www.phpjabbers.com/time-slots-booking-calendar/

http://packetstormsecurity.com/files/176036

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 20, 2023

PHPjabbers

What is CVE-2023-48827?

References

CVSS V3.1

Timeline