In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
9.8CVSS
9.5AI Score
0.003EPSS
User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
7.5CVSS
7.4AI Score
0.001EPSS
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.
6.5CVSS
6.4AI Score
0.001EPSS
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.
6.1CVSS
6AI Score
0.001EPSS