Skip to main content

Appointment Scheduler

8 CVEs product

Monthly

CVE-2023-48841 HIGH POC This Week

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Appointment Scheduler
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48840 HIGH POC This Week

A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Appointment Scheduler
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48839 MEDIUM This Month

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Appointment Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48838 MEDIUM POC This Month

Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appointment Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36127 HIGH This Week

User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appointment Scheduler
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36126 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Appointment Scheduler
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2014-10010 MEDIUM POC This Month

Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Appointment Scheduler
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.2%
CVE-2014-10001 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Appointment Scheduler
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.1%
EPSS 1% CVSS 8.8
HIGH POC This Week

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Appointment Scheduler
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Appointment Scheduler
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Appointment Scheduler
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appointment Scheduler
NVD
EPSS 1% CVSS 7.5
HIGH This Week

User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appointment Scheduler
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Appointment Scheduler
NVD
EPSS 7% CVSS 5.0
MEDIUM POC This Month

Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Appointment Scheduler
NVD Exploit-DB
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS CSRF Appointment Scheduler
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy