Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-48841 |
Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Published: December 07, 2023; 2:15:12 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-48840 |
A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. Published: December 07, 2023; 2:15:12 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-48839 |
Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Published: December 07, 2023; 2:15:12 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48838 |
Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Published: December 07, 2023; 2:15:12 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48837 |
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Published: December 07, 2023; 2:15:12 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48836 |
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Published: December 07, 2023; 2:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48835 |
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Published: December 07, 2023; 2:15:11 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-48834 |
A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Published: December 07, 2023; 2:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-48833 |
A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. Published: December 07, 2023; 2:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-48831 |
A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. Published: December 07, 2023; 2:15:11 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-48830 |
Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. Published: December 07, 2023; 2:15:11 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-48828 |
Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Published: December 07, 2023; 2:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48827 |
Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Published: December 07, 2023; 2:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48826 |
Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. Published: December 07, 2023; 2:15:10 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-48825 |
Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Published: December 07, 2023; 2:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48824 |
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action. Published: December 07, 2023; 2:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-48823 |
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Published: December 07, 2023; 2:15:10 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-48208 |
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. Published: December 07, 2023; 2:15:09 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-48207 |
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Published: December 07, 2023; 2:15:09 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-48206 |
A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Published: December 07, 2023; 2:15:09 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |