Phpjabbers Appointment Scheduler — known CVE vulnerabilities
Every CVE whose affected-product data names Phpjabbers Appointment Scheduler, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-48841 — CVSS 8.8 (high): Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
CVE-2023-36127 — CVSS 7.5 (high): User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in…
CVE-2023-48840 — CVSS 7.5 (high): A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion.
CVE-2023-36126 — CVSS 6.1 (medium): There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0
CVE-2023-48838 — CVSS 5.4 (medium): Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code.
CVE-2023-48839 — CVSS 5.4 (medium): Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key…
CVE-2014-10010 — CVSS 5.0 (medium): Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot…