Medium
CVSS: 5.1
PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads…
High
CVSS: 8.7
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.ph…
Critical
CVSS: 9.3
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniqu…
Medium
CVSS: 5.3
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may…
Medium
CVSS: 5.4
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.
Medium
CVSS: 6.5
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
Medium
CVSS: 6.5
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount…
Medium
CVSS: 5.4
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page.
Medium
CVSS: 5.4
PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index.
High
CVSS: 8.8
PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any paramete…
Medium
CVSS: 6.5
PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters.
Medium
CVSS: 5.3
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount…
High
CVSS: 8.8
PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters fie…
Medium
CVSS: 4.3
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large a…
Medium
CVSS: 6.5
PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameter…
Medium
CVSS: 5.4
PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter.
Medium
CVSS: 6.5
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large am…
Medium
CVSS: 6.5
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large am…
Medium
CVSS: 5.4
PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters.
Medium
CVSS: 6.5
PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any paramete…