PHPJabbers Restaurant Booking System HTML Injection Vulnerability

Vulnerability

Multiple HTML injection points have been identified in PHPJabbers Restaurant Booking System version 3.0. The issue affects the 'name', 'plugin_sms_api_key', 'plugin_sms_country_code', and 'title' parameters. Malicious HTML injected through these parameters is rendered when the content is viewed, potentially leading to cross-site scripting (XSS) attacks.

Impact

Exploitation of this vulnerability allows for cross-site scripting (XSS) attacks, where injected HTML or scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, log into the admin panel and navigate to the 'System Menu', then click on 'SMS Settings'. Inject any HTML tag into the 'SMS API Key' or 'Default Country Code' input fields and save the changes. The injected HTML will be rendered by the browser as markup, demonstrating the injection vulnerability.
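The following is an added example, not PHPJabbers code and not part of the original advisory. It contrasts unencoded output of a stored setting with context-aware encoding and adds server-side format validation for the two SMS fields. The function names, the assumption that the value is echoed into an input's value attribute, and the field formats in the validator are all hypothetical.

```php
<?php
// Added illustration; function names are hypothetical, not from the product.

// Vulnerable pattern: the stored value is concatenated into markup unencoded.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_input_safe(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Defence in depth: refuse to store values that cannot be valid for the field.
// Assumed formats: country code = optional "+" then 1-4 digits;
// API key = 1-128 characters from [A-Za-z0-9_-].
function validate_sms_settings(array $post): array
{
    $rules = [
        'plugin_sms_country_code' => '/\A\+?[0-9]{1,4}\z/',
        'plugin_sms_api_key'      => '/\A[A-Za-z0-9_\-]{1,128}\z/',
    ];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || ($value !== '' && preg_match($pattern, $value) !== 1)) {
            $errors[$field] = 'invalid format';
        }
    }
    return $errors;
}

// Constructed sample input: a harmless tag that closes the value attribute early.
$stored = [
    'plugin_sms_api_key'      => '"><b>injected</b>',
    'plugin_sms_country_code' => '+44',
];

echo render_input_unsafe('plugin_sms_api_key', $stored['plugin_sms_api_key']), "\n";
echo render_input_safe('plugin_sms_api_key', $stored['plugin_sms_api_key']), "\n";
print_r(validate_sms_settings($stored));
```

Output encoding is the primary control because it holds for values already stored in the database; the validator only limits what can be saved from that point on.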

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.