95 matches found
CVE-2023-1356 Reflected Cross-site Scripting In IDAttend’s IDWeb Application
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...
CVE-2023-1356 Reflected Cross-site Scripting In IDAttend’s IDWeb Application
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...
CVE-2023-27262 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27260 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-27261 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers...
CVE-2023-27261
CVE-2023-27261 affects IDAttend’s IDWeb application, version 3.1.052 and earlier. The root cause is missing authentication in the DeleteAssignments method, enabling unauthenticated actors to delete data. Reported impact states data deletion possible without credentials; CVSS bases show Medium sev...
CVE-2023-27377
CVE-2023-27377 affects IDAttend’s IDWeb app (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_EmergencyContactDetails method, enabling unauthenticated attackers to exfiltrate sensitive student data over the network. The cvss 3.1 data indicates hig...
CVE-2023-27376 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27376 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27375 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the StudentPopupDetailsContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-27259
IDAttend IDWeb application, versions 3.1.052 and earlier, has a vulnerability in the GetAssignmentsDue method where missing authentication allows unauthenticated extraction of sensitive student and teacher data. Root cause: incomplete access control enabling data exposure. Impact: confidential da...
CVE-2023-27257 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers...
CVE-2023-27256 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...
CVE-2023-27255
The CVE concerns IDAttend’s IDWeb application, affected in version 3.1.052 and earlier. The vulnerability is an unauthenticated SQL injection in the DeleteRoomChanges method, allowing an attacker to extract or modify all data without authentication. Multiple connected sources align on the core is...
CVE-2023-27254 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26584 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26583 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26581 Unauthenticated SQL Injection In IDAttend’s IDWeb Application
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2023-26580 Missing Authentication In IDAttend’s IDWeb Application
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers...
CVE-2023-26580 Missing Authentication In IDAttend’s IDWeb Application
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers...