Reflected Cross-Site Scripting Vulnerability in PHPJabbers Cinema Booking System
CVE-2023-51330

5.4MEDIUM

Key Information:

Vendor: PHPJabbers
Status: Cinema Booking System
Vendor: CVE Published:; 20 February 2025

What is CVE-2023-51330?

The PHPJabbers Cinema Booking System version 1.0 contains a reflected cross-site scripting vulnerability within the 'date' parameter of the Now Showing menu. This security flaw enables an attacker to craft a malicious URL, potentially leading to the execution of unwanted scripts in the user's browser. When unsuspecting users interact with a specially crafted link, their session can be compromised, resulting in data theft or unauthorized actions.

References

https://www.phpjabbers.com/cinema-booking-system/#section...

https://packetstorm.news/files/id/176508

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Dec 18, 2023