Skip to main content

Time Slots Booking Calendar

9 CVEs product

Monthly

CVE-2023-48833 HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Time Slots Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48828 MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48827 MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48826 HIGH POC This Week

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Time Slots Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-33564 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slots Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33563 HIGH This Week

In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Time Slots Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-33562 CRITICAL Act Now

User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Time Slots Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33561 CRITICAL Act Now

Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Time Slots Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33560 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slots Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 1% CVSS 7.5
HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Time Slots Booking Calendar
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Time Slots Booking Calendar
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slots Booking Calendar
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Time Slots Booking Calendar
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

User enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Time Slots Booking Calendar
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Time Slots Booking Calendar
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slots Booking Calendar
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy