CVE-2020-35416

MEDIUM

Onlineonly Phpjabbers Appointment Scheduler - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.

Exploits (1)

exploitdb WORKING POC

by Andrea Intilangelo · textwebappsphp

https://www.exploit-db.com/exploits/49281

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/160502/PHPJabbers-Appointment-Scheduler-2.3-Cross-Site-Scripting.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/160600/PHPJabbers-Appointment-Scheduler-2.3-Cross-Site-Scripting.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49281

Scores

CVSS v3 6.1

EPSS 0.0450

EPSS Percentile 89.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

onlineonly/phpjabbers_appointment_scheduler 2.3

Published Dec 15, 2020

Tracked Since Feb 18, 2026