3 matches found
Edupage Information Disclosure
Both authenticated and publicly accessible anonymous guest accounts on Edupage portal allow an attacker to capture the complete list of user IDs, names students, parents, and teachers, and the associated banking details IBAN codes...
Edupage Cross Site Request Forgery / Spoofing
Non-sanitised submission of malicious SVG files on the Edupage portal in combination with cross site request forgery attacks allows the triggering various actions on behalf of other users, e.g. identity spoofing, sending fake messages, giving fake approvals, etc...
edupage.org Cross Site Scripting vulnerability OBB-4041096
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...