HTML Injection Vulnerability in PHPJabbers Car Park Booking System
CVE-2023-51308

6.1MEDIUM

Key Information:

Vendor: PHPJabbers
Status: Car Park Booking System
Vendor: CVE Published:; 20 February 2025

Summary

The PHPJabbers Car Park Booking System version 3.0 is susceptible to multiple HTML injection issues. These vulnerabilities can be exploited through specific parameters, including 'name', 'plugin_sms_api_key', 'plugin_sms_country_code', and 'title'. Attackers can leverage these flaws to inject malicious HTML content, potentially leading to unauthorized actions and compromised data integrity within the web application.

References

https://www.phpjabbers.com/car-park-booking/#sectionDemo

https://packetstorm.news/files/id/176491

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Dec 18, 2023