CVE-2020-35416: XSS
First published: Tue Dec 15 2020(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPJabbers Appointment Scheduler | =2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-35416?
CVE-2020-35416 has a medium severity due to the risk of cross-site scripting attacks.
How do I fix CVE-2020-35416?
To fix CVE-2020-35416, update PHPJabbers Appointment Scheduler to the latest version that addresses these vulnerabilities.
What types of attacks are possible with CVE-2020-35416?
CVE-2020-35416 allows remote attackers to conduct cross-site scripting attacks, potentially leading to data theft or unauthorized actions.
Which versions are affected by CVE-2020-35416?
CVE-2020-35416 affects version 2.3 of PHPJabbers Appointment Scheduler.
Where can I find more information about CVE-2020-35416?
More information about CVE-2020-35416 can typically be found in security advisory bulletins and vulnerability databases.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/onlineonly
- canonical/phpjabbers appointment scheduler
- version/phpjabbers appointment scheduler/2.3