Stored Cross-Site Scripting Vulnerabilities in Appointment Scheduler by PHPJabbers
CVE-2023-48839

5.4MEDIUM

Key Information:

Vendor: PHPjabbers
Status: Appointment Scheduler
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-48839?

Appointment Scheduler version 3.0 contains multiple stored cross-site scripting (XSS) vulnerabilities, which can be exploited via various parameters such as name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, and customer_name. These vulnerabilities allow attackers to inject malicious scripts into the application, compromising user data and potentially enabling further attacks.

References

https://www.phpjabbers.com/appointment-scheduler/

http://packetstormsecurity.com/files/176055

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 20, 2023

JSON

PHPjabbers

What is CVE-2023-48839?

References

CVSS V3.1

Timeline