Search criteria
27 vulnerabilities found for cleaning_business_software by phpjabbers
FKIE_CVE-2023-51328
Vulnerability from fkie_nvd - Published: 2025-05-08 16:15 - Updated: 2025-11-04 19:16
Severity ?
Summary
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"c_name, name\" parameters."
},
{
"lang": "es",
"value": "PHPJabbers Cleaning Business Software v1.0 es vulnerable a Cross-Site Scripting (XSS) m\u00faltiple almacenado en los par\u00e1metros \"c_name, name\"."
}
],
"id": "CVE-2023-51328",
"lastModified": "2025-11-04T19:16:19.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-08T16:15:23.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176507"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/176507/PHPJabbers-Cleaning-Business-Software-1.0-Cross-Site-Scripting.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-51326
Vulnerability from fkie_nvd - Published: 2025-02-20 16:15 - Updated: 2025-11-04 19:16
Severity ?
Summary
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027 feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en la funci\u00f3n \u0027Forgot Password\u0027 de PHPJabbers Cleaning Business Software v1.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
}
],
"id": "CVE-2023-51326",
"lastModified": "2025-11-04T19:16:19.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T16:15:35.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstorm.news/files/id/176506"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/176506/PHPJabbers-Cleaning-Business-Software-1.0-Missing-Rate-Limiting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-51327
Vulnerability from fkie_nvd - Published: 2025-02-20 16:15 - Updated: 2025-11-04 19:16
Severity ?
Summary
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027 feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en la funci\u00f3n \u0027Forgot Password\u0027 de PHPJabbers Cleaning Business Software v1.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
}
],
"id": "CVE-2023-51327",
"lastModified": "2025-11-04T19:16:19.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T16:15:35.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstorm.news/files/id/176506"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/176506/PHPJabbers-Cleaning-Business-Software-1.0-Missing-Rate-Limiting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-51331
Vulnerability from fkie_nvd - Published: 2025-02-20 16:15 - Updated: 2025-11-04 19:16
Severity ?
Summary
PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
},
{
"lang": "es",
"value": "PHPJabbers Cleaning Business Software v1.0 es afectado por una vulnerabilidad de inyecci\u00f3n CSV que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
}
],
"id": "CVE-2023-51331",
"lastModified": "2025-11-04T19:16:20.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T16:15:35.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstorm.news/files/id/176509"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/176509/PHPJabbers-Cleaning-Business-Software-1.0-CSV-Injection.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-36140
Vulnerability from fkie_nvd - Published: 2023-09-11 15:16 - Updated: 2024-11-21 08:09
Severity ?
Summary
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts."
},
{
"lang": "es",
"value": "En PHPJabbers Cleaning Business Software 1.0, no hay cifrado en las contrase\u00f1as de los usuarios, permitiendo a un atacante obtener acceso a todas las cuentas de usuario."
}
],
"id": "CVE-2023-36140",
"lastModified": "2024-11-21T08:09:21.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-11T15:16:00.773",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-36139
Vulnerability from fkie_nvd - Published: 2023-08-04 00:15 - Updated: 2024-11-21 08:09
Severity ?
Summary
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts."
},
{
"lang": "es",
"value": "En PHPJabbers Cleaning Business Software 1.0, la falta de verificaci\u00f3n al cambiar una direcci\u00f3n de correo electr\u00f3nico y/o contrase\u00f1a (en la P\u00e1gina de Perfil) permite a atacantes remotos tomar el control de cuentas."
}
],
"id": "CVE-2023-36139",
"lastModified": "2024-11-21T08:09:20.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-04T00:15:13.010",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-36141
Vulnerability from fkie_nvd - Published: 2023-08-04 00:15 - Updated: 2024-11-21 08:09
Severity ?
Summary
User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users."
},
{
"lang": "es",
"value": "Se ha encontrado una enumeraci\u00f3n de usuarios en PHPJabbers Cleaning Business Software v1.0. Este problema se produce durante la recuperaci\u00f3n de contrase\u00f1as, donde una diferencia en los mensajes podr\u00eda permitir a un atacante determinar si el usuario es v\u00e1lido o no, permitiendo un ataque de fuerza bruta con usuarios v\u00e1lidos. "
}
],
"id": "CVE-2023-36141",
"lastModified": "2024-11-21T08:09:21.180",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-04T00:15:13.243",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-36138
Vulnerability from fkie_nvd - Published: 2023-08-04 00:15 - Updated: 2024-11-21 08:09
Severity ?
Summary
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php."
},
{
"lang": "es",
"value": "PHPJabbers Cleaning Business Software 1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s del par\u00e1metro theme de preview.php.\n"
}
],
"id": "CVE-2023-36138",
"lastModified": "2024-11-21T08:09:20.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-04T00:15:12.890",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4115
Vulnerability from fkie_nvd - Published: 2023-08-03 06:15 - Updated: 2024-11-21 08:34
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?ctiid.235962 | Permissions Required, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.235962 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.235962 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.235962 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | cleaning_business_software | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "892B2201-ACF9-443D-BB19-53E16A7DCB12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"id": "CVE-2023-4115",
"lastModified": "2024-11-21T08:34:25.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-03T06:15:10.710",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.235962"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.235962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.235962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.235962"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
CVE-2023-51328 (GCVE-0-2023-51328)
Vulnerability from cvelistv5 – Published: 2025-05-08 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51328",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T12:26:55.066583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T13:21:09.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/176507"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:17.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176507/PHPJabbers-Cleaning-Business-Software-1.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"c_name, name\" parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T15:29:29.601Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176507"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51328",
"datePublished": "2025-05-08T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:17.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51331 (GCVE-0-2023-51331)
Vulnerability from cvelistv5 – Published: 2025-02-20 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T20:30:49.873499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T20:33:03.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:20.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176509/PHPJabbers-Cleaning-Business-Software-1.0-CSV-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:01:59.417Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176509"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51331",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:20.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51326 (GCVE-0-2023-51326)
Vulnerability from cvelistv5 – Published: 2025-02-20 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T20:23:02.509935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T20:23:53.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:15.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176506/PHPJabbers-Cleaning-Business-Software-1.0-Missing-Rate-Limiting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027 feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:34:51.555Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176506"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51326",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:15.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51327 (GCVE-0-2023-51327)
Vulnerability from cvelistv5 – Published: 2025-02-20 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T20:25:30.774996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T20:29:04.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:16.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176506/PHPJabbers-Cleaning-Business-Software-1.0-Missing-Rate-Limiting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027 feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:49:27.937Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176506"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51327",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:16.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-36140 (GCVE-0-2023-36140)
Vulnerability from cvelistv5 – Published: 2023-09-11 00:00 – Updated: 2024-09-26 14:58
VLAI?
Summary
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36140",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:58:24.708325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:58:32.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T14:21:29.294431",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36140",
"datePublished": "2023-09-11T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-09-26T14:58:32.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4115 (GCVE-0-2023-4115)
Vulnerability from cvelistv5 – Published: 2023-08-03 06:00 – Updated: 2024-11-21 15:14
VLAI?
Title
PHP Jabbers Cleaning Business index.php cross site scripting
Summary
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHP Jabbers | Cleaning Business |
Affected:
1.0
|
Credits
skalvin (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235962"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235962"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T21:40:46.064806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:14:09.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cleaning Business",
"vendor": "PHP Jabbers",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHP Jabbers Cleaning Business 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php. Dank Manipulation des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T08:07:35.220Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235962"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235962"
},
{
"tags": [
"related"
],
"url": "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-02T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-24T14:58:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHP Jabbers Cleaning Business index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4115",
"datePublished": "2023-08-03T06:00:05.943Z",
"dateReserved": "2023-08-02T20:23:43.194Z",
"dateUpdated": "2024-11-21T15:14:09.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36141 (GCVE-0-2023-36141)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:00 – Updated: 2024-10-17 16:24
VLAI?
Summary
User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T16:24:11.260913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T16:24:19.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36141",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-10-17T16:24:19.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36138 (GCVE-0-2023-36138)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:00 – Updated: 2024-10-17 17:58
VLAI?
Summary
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T17:58:48.704235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:58:55.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36138",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-10-17T17:58:55.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36139 (GCVE-0-2023-36139)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:00 – Updated: 2024-10-17 17:58
VLAI?
Summary
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T17:58:12.561089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:58:19.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36139",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-10-17T17:58:19.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51328 (GCVE-0-2023-51328)
Vulnerability from nvd – Published: 2025-05-08 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51328",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T12:26:55.066583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T13:21:09.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/176507"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:17.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176507/PHPJabbers-Cleaning-Business-Software-1.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"c_name, name\" parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T15:29:29.601Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176507"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51328",
"datePublished": "2025-05-08T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:17.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51331 (GCVE-0-2023-51331)
Vulnerability from nvd – Published: 2025-02-20 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T20:30:49.873499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T20:33:03.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:20.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176509/PHPJabbers-Cleaning-Business-Software-1.0-CSV-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T16:01:59.417Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176509"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51331",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:20.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51326 (GCVE-0-2023-51326)
Vulnerability from nvd – Published: 2025-02-20 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T20:23:02.509935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T20:23:53.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:15.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176506/PHPJabbers-Cleaning-Business-Software-1.0-Missing-Rate-Limiting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027 feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:34:51.555Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176506"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51326",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:15.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-51327 (GCVE-0-2023-51327)
Vulnerability from nvd – Published: 2025-02-20 00:00 – Updated: 2025-11-04 18:21
VLAI?
Summary
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T20:25:30.774996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T20:29:04.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:21:16.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176506/PHPJabbers-Cleaning-Business-Software-1.0-Missing-Rate-Limiting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027 feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:49:27.937Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176506"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51327",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:21:16.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-36140 (GCVE-0-2023-36140)
Vulnerability from nvd – Published: 2023-09-11 00:00 – Updated: 2024-09-26 14:58
VLAI?
Summary
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36140",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:58:24.708325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:58:32.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T14:21:29.294431",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36140",
"datePublished": "2023-09-11T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-09-26T14:58:32.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4115 (GCVE-0-2023-4115)
Vulnerability from nvd – Published: 2023-08-03 06:00 – Updated: 2024-11-21 15:14
VLAI?
Title
PHP Jabbers Cleaning Business index.php cross site scripting
Summary
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHP Jabbers | Cleaning Business |
Affected:
1.0
|
Credits
skalvin (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235962"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235962"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T21:40:46.064806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:14:09.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cleaning Business",
"vendor": "PHP Jabbers",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in PHP Jabbers Cleaning Business 1.0 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php. Dank Manipulation des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T08:07:35.220Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235962"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235962"
},
{
"tags": [
"related"
],
"url": "http://packetstormsecurity.com/files/173936/PHPJabbers-Cleaning-Business-1.0-Cross-Site-Scripting.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-08-02T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-08-02T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-24T14:58:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHP Jabbers Cleaning Business index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4115",
"datePublished": "2023-08-03T06:00:05.943Z",
"dateReserved": "2023-08-02T20:23:43.194Z",
"dateUpdated": "2024-11-21T15:14:09.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36141 (GCVE-0-2023-36141)
Vulnerability from nvd – Published: 2023-08-03 00:00 – Updated: 2024-10-17 16:24
VLAI?
Summary
User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T16:24:11.260913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T16:24:19.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36141",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-10-17T16:24:19.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36138 (GCVE-0-2023-36138)
Vulnerability from nvd – Published: 2023-08-03 00:00 – Updated: 2024-10-17 17:58
VLAI?
Summary
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T17:58:48.704235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:58:55.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36138",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-10-17T17:58:55.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36139 (GCVE-0-2023-36139)
Vulnerability from nvd – Published: 2023-08-03 00:00 – Updated: 2024-10-17 17:58
VLAI?
Summary
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T17:58:12.561089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:58:19.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/cleaning-business-software/"
},
{
"url": "https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-36139",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-10-17T17:58:19.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}