Phpjabbers Availability Booking Calendar — known CVE vulnerabilities
Every CVE whose affected-product data names Phpjabbers Availability Booking Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-36131 — CVSS 9.8 (critical): PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password…
CVE-2023-36133 — CVSS 9.8 (critical): PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.
CVE-2023-48207 — CVSS 8.8 (high): Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
CVE-2023-48831 — CVSS 7.5 (high): A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion.
CVE-2023-48208 — CVSS 6.1 (medium): A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name…
CVE-2023-48825 — CVSS 5.4 (medium): Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
CVE-2023-4110 — CVSS 3.5 (low): A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this…