CVE-2023-51296

Name of the Vulnerable Software and Affected Versions PHPJabbers Event Booking Calendar version 4.0

Description The issue concerns a Cross-Site Scripting (XSS) vulnerability that affects the "name", plugin sms api key, plugin sms country code, and "title" parameters. This allows attackers to execute arbitrary code. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For PHPJabbers Event Booking Calendar version 4.0, as a temporary workaround, consider restricting access to the vulnerable parameters name, plugin sms api key, plugin sms country code, and title until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.