First published: Thu Dec 07 2023(Updated: )
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
PHPJabbers Availability Booking Calendar | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this cross-site scripting vulnerability is CVE-2023-48208.
The severity of CVE-2023-48208 is medium.
The Availability Booking Calendar version 5.0 by PHPJabbers is affected by CVE-2023-48208.
An attacker can exploit CVE-2023-48208 by injecting malicious JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.
There is currently no fix available for CVE-2023-48208. It is recommended to update to a newer version of the Availability Booking Calendar when it becomes available.