CVE-2023-4110
LowCVSS 3.5Exploitation Probability (EPSS)
High risk75th percentile — higher than 75% of all known CVEs
Summary
A vulnerability has been found in PHP Jabbers Availability Booking Calendar version 5.0, allowing cross site scripting attacks through manipulation of the session_id argument in the /index.php file.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to session theft or injection of malicious code.
Recommendation
It is recommended to update to the latest version of the software and monitor the application for unauthorized activities.
Original NVD description (English source)
A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

