#php

PHPJabbers Car Rental version 3.0 suffers from multiple persistent cross site scripting vulnerabilities.

PHPJabbers Car Rental version 3.0 suffers from a CSV injection vulnerability.

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

PHPJabbers Car Rental version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

PHPJabbers Availability Booking Calendar version 5.0 suffers from a missing rate limiting control that can allow for resource exhaustion.

PHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability.

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from multiple persistent cross site scripting vulnerabilities.

PHPJabbers Time Slots Booking Calendar version 4.0 suffers from an html injection vulnerability.

A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643.