漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
StivaSoft PHPJabbers Appointment Scheduler 跨站请求伪造漏洞
Vulnerability Description
StivaSoft PHPJabbers Appointment Scheduler是保加利亚StivaSoft公司的一套RMCIS客户预约管理系统。该系统可用于管理客户、预约、资源、服务、定位等信息。 StivaSoft PHPJabbers Appointment Scheduler 2.0版本中存在跨站请求伪造漏洞,该漏洞源于pjAdminServices控制器没有充分过滤pjActionCreate操作中的‘i18n[1][name]’参数;pjAdminUsers控制器没有充分过滤pjActio
CVSS Information
N/A
Vulnerability Type
N/A