Search criteria
6 vulnerabilities found for availability_booking_calendar_php by gzscripts
CVE-2023-3970 (GCVE-0-2023-3970)
Vulnerability from nvd – Published: 2023-07-27 12:00 – Updated: 2024-08-02 07:08
VLAI
Title
GZ Scripts Availability Booking Calendar PHP Image cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.235569 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.235569 | signaturepermissions-required |
| https://seclists.org/fulldisclosure/2023/Jul/51 | exploitmailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GZ Scripts | Availability Booking Calendar PHP |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235569"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235569"
},
{
"tags": [
"exploit",
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Image Handler"
],
"product": "Availability Booking Calendar PHP",
"vendor": "GZ Scripts",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser\u0026action=edit\u0026id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in GZ Scripts Availability Booking Calendar PHP 1.0 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /index.php?controller=GzUser\u0026action=edit\u0026id=1 der Komponente Image Handler. Durch Manipulation des Arguments img mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T07:51:43.120Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235569"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235569"
},
{
"tags": [
"exploit",
"mailing-list"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-20T08:42:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "GZ Scripts Availability Booking Calendar PHP Image cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3970",
"datePublished": "2023-07-27T12:00:06.063Z",
"dateReserved": "2023-07-27T06:57:29.111Z",
"dateUpdated": "2024-08-02T07:08:50.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3969 (GCVE-0-2023-3969)
Vulnerability from nvd – Published: 2023-07-27 11:31 – Updated: 2024-08-02 07:08
VLAI
Title
GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting
Summary
A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.235568 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.235568 | signaturepermissions-required |
| https://seclists.org/fulldisclosure/2023/Jul/51 | exploitmailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GZ Scripts | Availability Booking Calendar PHP |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235568"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235568"
},
{
"tags": [
"exploit",
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Availability Booking Calendar PHP",
"vendor": "GZ Scripts",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in GZ Scripts Availability Booking Calendar PHP 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei index.php der Komponente HTTP POST Request Handler. Durch die Manipulation des Arguments promo_code mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T07:50:29.972Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235568"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235568"
},
{
"tags": [
"exploit",
"mailing-list"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-20T08:41:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3969",
"datePublished": "2023-07-27T11:31:03.531Z",
"dateReserved": "2023-07-27T06:56:05.640Z",
"dateUpdated": "2024-08-02T07:08:50.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3543 (GCVE-0-2023-3543)
Vulnerability from nvd – Published: 2023-07-07 16:31 – Updated: 2024-08-02 07:01
VLAI
Title
GZ Scripts Availability Booking Calendar PHP HTTP POST Request load.php cross site scripting
Summary
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.233295 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.233295 | signature |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GZ Scripts | Availability Booking Calendar PHP |
Affected:
1.8
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.233295"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.233295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Availability Booking Calendar PHP",
"vendor": "GZ Scripts",
"versions": [
{
"status": "affected",
"version": "1.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GZ Scripts Availability Booking Calendar PHP 1.8 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei load.php der Komponente HTTP POST Request Handler. Durch das Manipulieren des Arguments cid/first_name/second_name/address_1/country mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T14:20:48.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.233295"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.233295"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-07T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-25T14:08:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "GZ Scripts Availability Booking Calendar PHP HTTP POST Request load.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3543",
"datePublished": "2023-07-07T16:31:03.363Z",
"dateReserved": "2023-07-07T12:13:37.340Z",
"dateUpdated": "2024-08-02T07:01:57.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3970 (GCVE-0-2023-3970)
Vulnerability from cvelistv5 – Published: 2023-07-27 12:00 – Updated: 2024-08-02 07:08
VLAI
Title
GZ Scripts Availability Booking Calendar PHP Image cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.235569 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.235569 | signaturepermissions-required |
| https://seclists.org/fulldisclosure/2023/Jul/51 | exploitmailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GZ Scripts | Availability Booking Calendar PHP |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235569"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235569"
},
{
"tags": [
"exploit",
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Image Handler"
],
"product": "Availability Booking Calendar PHP",
"vendor": "GZ Scripts",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser\u0026action=edit\u0026id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in GZ Scripts Availability Booking Calendar PHP 1.0 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /index.php?controller=GzUser\u0026action=edit\u0026id=1 der Komponente Image Handler. Durch Manipulation des Arguments img mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T07:51:43.120Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235569"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235569"
},
{
"tags": [
"exploit",
"mailing-list"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-20T08:42:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "GZ Scripts Availability Booking Calendar PHP Image cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3970",
"datePublished": "2023-07-27T12:00:06.063Z",
"dateReserved": "2023-07-27T06:57:29.111Z",
"dateUpdated": "2024-08-02T07:08:50.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3969 (GCVE-0-2023-3969)
Vulnerability from cvelistv5 – Published: 2023-07-27 11:31 – Updated: 2024-08-02 07:08
VLAI
Title
GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting
Summary
A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.235568 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.235568 | signaturepermissions-required |
| https://seclists.org/fulldisclosure/2023/Jul/51 | exploitmailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GZ Scripts | Availability Booking Calendar PHP |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235568"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235568"
},
{
"tags": [
"exploit",
"mailing-list",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Availability Booking Calendar PHP",
"vendor": "GZ Scripts",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in GZ Scripts Availability Booking Calendar PHP 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei index.php der Komponente HTTP POST Request Handler. Durch die Manipulation des Arguments promo_code mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T07:50:29.972Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235568"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235568"
},
{
"tags": [
"exploit",
"mailing-list"
],
"url": "https://seclists.org/fulldisclosure/2023/Jul/51"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-20T08:41:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3969",
"datePublished": "2023-07-27T11:31:03.531Z",
"dateReserved": "2023-07-27T06:56:05.640Z",
"dateUpdated": "2024-08-02T07:08:50.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3543 (GCVE-0-2023-3543)
Vulnerability from cvelistv5 – Published: 2023-07-07 16:31 – Updated: 2024-08-02 07:01
VLAI
Title
GZ Scripts Availability Booking Calendar PHP HTTP POST Request load.php cross site scripting
Summary
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.233295 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.233295 | signature |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GZ Scripts | Availability Booking Calendar PHP |
Affected:
1.8
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.233295"
},
{
"tags": [
"signature",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.233295"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Availability Booking Calendar PHP",
"vendor": "GZ Scripts",
"versions": [
{
"status": "affected",
"version": "1.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "skalvin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GZ Scripts Availability Booking Calendar PHP 1.8 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei load.php der Komponente HTTP POST Request Handler. Durch das Manipulieren des Arguments cid/first_name/second_name/address_1/country mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T14:20:48.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.233295"
},
{
"tags": [
"signature"
],
"url": "https://vuldb.com/?ctiid.233295"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-07T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-07-25T14:08:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "GZ Scripts Availability Booking Calendar PHP HTTP POST Request load.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3543",
"datePublished": "2023-07-07T16:31:03.363Z",
"dateReserved": "2023-07-07T12:13:37.340Z",
"dateUpdated": "2024-08-02T07:01:57.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}