HTML Injection Vulnerability in PHPJabbers Restaurant Booking System
CVE-2023-51317

6.5MEDIUM

Key Information:

Vendor: PHPJabbers
Status: Restaurant Booking System
Vendor: CVE Published:; 20 February 2025

Summary

The PHPJabbers Restaurant Booking System v3.0 contains a security vulnerability that allows for multiple HTML injection attacks via the 'name', 'plugin_sms_api_key', 'plugin_sms_country_code', and 'title' parameters. This flaw could enable attackers to inject malicious HTML content, potentially compromising the integrity of the web application and affecting user interactions.

References

https://www.phpjabbers.com/restaurant-booking-system/#sec...

https://packetstorm.news/files/id/176493

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Dec 18, 2023