CVE-2023-51295

Name of the Vulnerable Software and Affected Versions PHPJabbers Event Booking Calendar version 4.0

Description The issue concerns Multiple HTML Injection in certain parameters. The vulnerable parameters include name, plugin sms api key, plugin sms country code, and title.

Recommendations For PHPJabbers Event Booking Calendar version 4.0, consider restricting input for the name, plugin sms api key, plugin sms country code, and title parameters to prevent HTML injection until a patch is available. Avoid using these parameters in a way that could allow malicious HTML code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.