Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
https://www.exploit-db.com/exploits/49281
http://packetstormsecurity.com/files/160600/PHPJabbers-Appointment-Scheduler-2.3-Cross-Site-Scripting.html
http://packetstormsecurity.com/files/160502/PHPJabbers-Appointment-Scheduler-2.3-Cross-Site-Scripting.html
Source: Mitre, NVD
Published: 2020-12-15
Updated: 2022-08-06
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.02201