CVE Catalog

CVE-2023-4110

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
1.77%

75th percentile — higher than 75% of all known CVEs

Summary

A vulnerability has been found in PHP Jabbers Availability Booking Calendar version 5.0, allowing cross site scripting attacks through manipulation of the session_id argument in the /index.php file.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to session theft or injection of malicious code.

Recommendation

It is recommended to update to the latest version of the software and monitor the application for unauthorized activities.

Original NVD description (English source)

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS