Skip to main content

Availability Booking Calendar

8 CVEs product

Monthly

CVE-2023-48831 HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Availability Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-48825 MEDIUM POC This Month

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Availability Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48208 MEDIUM This Month

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Availability Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-48207 HIGH POC This Week

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Availability Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-36133 CRITICAL Act Now

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Availability Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36132 CRITICAL Act Now

PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Availability Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36131 CRITICAL Act Now

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Availability Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4110 MEDIUM POC This Month

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Availability Booking Calendar
NVD VulDB
CVSS 3.1
6.1
EPSS
1.8%
EPSS 1% CVSS 7.5
HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Availability Booking Calendar
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Availability Booking Calendar
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Availability Booking Calendar
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Availability Booking Calendar
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Availability Booking Calendar
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Availability Booking Calendar
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Availability Booking Calendar
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Availability Booking Calendar
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy