First published: Tue Oct 10 2023(Updated: )
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PHPJabbers Appointment Scheduler | =3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-36126 is medium.
The affected software in CVE-2023-36126 is PHPJabbers Appointment Scheduler v3.0.
The vulnerability in CVE-2023-36126 allows an attacker to execute malicious scripts in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0, potentially leading to cross-site scripting attacks.
To fix the vulnerability in CVE-2023-36126, it is recommended to update to a patched version of PHPJabbers Appointment Scheduler.
Yes, you can find more information about CVE-2023-36126 at this reference: https://medium.com/@bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4