HTML Injection Vulnerability in Appointment Scheduler by PHPJabbers
CVE-2023-48838

5.4MEDIUM

Key Information:

Vendor: PHPjabbers
Status: Appointment Scheduler
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-48838?

The Appointment Scheduler 3.0 by PHPJabbers is exposed to multiple HTML Injection vulnerabilities, attributed to its handling of user inputs through the SMS API Key and Default Country Code functionalities. These weaknesses could allow attackers to inject malicious HTML, threatening the integrity and security of users' data and sessions. Mitigating these issues is critical to safeguard applications against potential exploits that could arise from this vulnerability.

References

https://www.phpjabbers.com/appointment-scheduler/

http://packetstormsecurity.com/files/176054

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 20, 2023

PHPjabbers

What is CVE-2023-48838?

References

CVSS V3.1

Timeline