exploitDog

CVE-2023-51296

Опубликовано: 19 фев. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows attackers to execute arbitrary code

Ссылки

https://packetstorm.news/files/id/176485
Exploit
Third Party Advisory
VDB Entry
https://www.phpjabbers.com/event-booking-calendar/#sectionDemo
Product
http://packetstormsecurity.com/files/176485/PHPJabbers-Event-Booking-Calendar-4.0-Cross-Site-Scripting-HTML-Injection.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpjabbers:event_booking_calendar:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qmvw-mmq3-8fjr

CVSS3: 6.1

github

12 месяцев назад

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters which allows attackers to execute arbitrary code

EPSS

Процентиль: 45%

0.00228

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79