cbcvebase.

Phpjabbers Callback Widget vulnerabilities

5 known vulnerabilities affecting phpjabbers/callback_widget.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2023-40755P3MEDIUMCVSS 6.1PoCv1.02023-08-28
CVE-2023-40755 [MEDIUM] CWE-79 CVE-2023-40755: There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJa There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.
nvd
CVE-2023-40756P3CRITICALCVSS 9.8v1.02023-08-28
CVE-2023-40756 [CRITICAL] CWE-203 CVE-2023-40756: User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password reco User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
nvd
CVE-2023-36314P4MEDIUMCVSS 6.1v1.02023-08-10
CVE-2023-36314 [MEDIUM] CWE-79 CVE-2023-36314: There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message pa There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.
nvd
CVE-2023-36315P4MEDIUMCVSS 6.1v1.02023-08-10
CVE-2023-36315 [MEDIUM] CWE-79 CVE-2023-36315: There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJab There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.
nvd
CVE-2023-36312P4MEDIUMCVSS 5.4v1.02023-08-10
CVE-2023-36312 [MEDIUM] CWE-79 CVE-2023-36312: There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone paramete There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.
nvd
Phpjabbers Callback Widget vulnerabilities | cvebase