Phpjabbers Yacht Listing Script vulnerabilities
3 known vulnerabilities affecting phpjabbers/yacht_listing_script.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-40750P3MEDIUMCVSS 6.1PoCv1.02023-08-28
CVE-2023-40750 [MEDIUM] CWE-79 CVE-2023-40750: There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJab
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.
nvd
CVE-2023-40761P3CRITICALCVSS 9.8v2.02023-08-28
CVE-2023-40761 [CRITICAL] CWE-209 CVE-2023-40761: User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
nvd
CVE-2023-38830P3HIGHCVSS 7.5v1.02023-08-10
CVE-2023-38830 [HIGH] CWE-668 CVE-2023-38830: An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' cred
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.
nvd