Stored Cross-Site Scripting Vulnerabilities in Appointment Scheduler by PHPJabbers
CVE-2023-48839
5.4MEDIUM
What is CVE-2023-48839?
Appointment Scheduler version 3.0 contains multiple stored cross-site scripting (XSS) vulnerabilities, which can be exploited via various parameters such as name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, and customer_name. These vulnerabilities allow attackers to inject malicious scripts into the application, compromising user data and potentially enabling further attacks.