CVE-2023-4116 - Vulnerability Details - OpenCVE

ReportizFlow

A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Phpjabbers	Taxi Booking Script

Configuration 1 [-]

cpe:2.3:a:phpjabbers:taxi_booking_script:2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html
https://vuldb.com/?ctiid.235963
https://vuldb.com/?id.235963

History

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-08-03T07:00:06.181Z

Updated: 2024-10-11T19:10:45.471Z

Reserved: 2023-08-02T20:24:58.183Z

Link: CVE-2023-4116

Vulnrichment

Updated: 2024-08-02T07:17:11.882Z

NVD

Status : Modified

Published: 2023-08-03T07:15:13.290

Modified: 2024-11-21T08:34:25.727

Link: CVE-2023-4116

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4116", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-08-02T20:24:58.183Z", "datePublished": "2023-08-03T07:00:06.181Z", "dateUpdated": "2024-10-11T19:10:45.471Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T08:08:48.395Z"}, "title": "PHP Jabbers Taxi Booking index.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "PHP Jabbers", "product": "Taxi Booking", "versions": [{"version": "2.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In PHP Jabbers Taxi Booking 2.0 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /index.php. Mit der Manipulation des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-08-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-08-02T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-08-02T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-08-24T15:02:15.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "skalvin (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.235963", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.235963", "tags": ["signature", "permissions-required"]}, {"url": "http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html", "tags": ["related"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:11.882Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.235963", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.235963", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html", "tags": ["related", "x_transferred"]}]}, {"affected": [{"vendor": "phpjabbers", "product": "taxi_booking_script", "cpes": ["cpe:2.3:a:phpjabbers:taxi_booking_script:2.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T18:40:20.074244Z", "id": "CVE-2023-4116", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:10:45.471Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.235963", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.235963", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html", "tags": ["related", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:11.882Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4116", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T18:40:20.074244Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:phpjabbers:taxi_booking_script:2.0:*:*:*:*:*:*:*"], "vendor": "phpjabbers", "product": "taxi_booking_script", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:10:40.326Z"}}], "cna": {"title": "PHP Jabbers Taxi Booking index.php cross site scripting", "credits": [{"lang": "en", "type": "analyst", "value": "skalvin (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "PHP Jabbers", "product": "Taxi Booking", "versions": [{"status": "affected", "version": "2.0"}]}], "timeline": [{"lang": "en", "time": "2023-08-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-08-02T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-08-02T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-08-24T15:02:15.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.235963", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.235963", "tags": ["signature", "permissions-required"]}, {"url": "http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In PHP Jabbers Taxi Booking 2.0 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /index.php. Mit der Manipulation des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Cross Site Scripting"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T08:08:48.395Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4116", "state": "PUBLISHED", "dateUpdated": "2024-10-11T19:10:45.471Z", "dateReserved": "2023-08-02T20:24:58.183Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-08-03T07:00:06.181Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpjabbers:taxi_booking_script:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66FD684-9A03-4101-B937-22FC1B17AC01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2023-4116", "lastModified": "2024-11-21T08:34:25.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-08-03T07:15:13.290", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html"}, {"source": "[email protected]", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.235963"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.235963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/173937/PHPJabbers-Taxi-Booking-2.0-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.235963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.235963"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}