Phpjabbers Event_booking_calendar
7 CVEs affecting Phpjabbers Event_booking_calendar. Latest disclosed: 2025-05-08. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-40765 | Critical | 9.8 | 2023-08-28 | User enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow an… |
CVE-2023-51293 | High | 7.5 | 2025-02-19 | A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amou… |
CVE-2023-51295 | Medium | 6.5 | 2025-05-08 | PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_ap… |
CVE-2023-51296 | Medium | 6.1 | 2025-02-19 | PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms… |
CVE-2023-51298 | Medium | 4.7 | 2025-02-19 | PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists d… |
CVE-2014-10015 | | 2015-01-13 | SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid… | |
CVE-2014-10014 | | 2015-01-13 | Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of admi… |