Lucene search
K

95 matches found

Vulnrichment
Vulnrichment
added 2023/10/25 10:28 a.m.9 views

CVE-2023-1356 Reflected Cross-site Scripting In IDAttend’s IDWeb Application

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...

7.5CVSS6.3AI score0.00444EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 10:28 a.m.23 views

CVE-2023-1356 Reflected Cross-site Scripting In IDAttend’s IDWeb Application

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...

7.5CVSS7.3AI score0.00444EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 10:25 a.m.19 views

CVE-2023-27262 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS10AI score0.00759EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 10:23 a.m.28 views

CVE-2023-27260 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS10AI score0.00556EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/25 10:21 a.m.14 views

CVE-2023-27261 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers...

5.3CVSS6AI score0.00526EPSS
Exploits0References1
CVE
CVE
added 2023/10/25 10:21 a.m.45 views

CVE-2023-27261

CVE-2023-27261 affects IDAttend’s IDWeb application, version 3.1.052 and earlier. The root cause is missing authentication in the DeleteAssignments method, enabling unauthenticated actors to delete data. Reported impact states data deletion possible without credentials; CVSS bases show Medium sev...

6.5CVSS5.8AI score0.00526EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/25 10:20 a.m.45 views

CVE-2023-27377

CVE-2023-27377 affects IDAttend’s IDWeb app (versions 3.1.052 and earlier). The root cause is missing authentication in the StudentPopupDetails_EmergencyContactDetails method, enabling unauthenticated attackers to exfiltrate sensitive student data over the network. The cvss 3.1 data indicates hig...

7.5CVSS7.7AI score0.00695EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/25 10:19 a.m.12 views

CVE-2023-27376 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...

7.5CVSS7.7AI score0.00695EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 10:19 a.m.19 views

CVE-2023-27376 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetailsStudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...

7.5CVSS7.9AI score0.00695EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/25 10:18 a.m.14 views

CVE-2023-27375 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the StudentPopupDetailsContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...

7.5CVSS7.7AI score0.00695EPSS
Exploits0References1
CVE
CVE
added 2023/10/25 10:17 a.m.39 views

CVE-2023-27259

IDAttend IDWeb application, versions 3.1.052 and earlier, has a vulnerability in the GetAssignmentsDue method where missing authentication allows unauthenticated extraction of sensitive student and teacher data. Root cause: incomplete access control enabling data exposure. Impact: confidential da...

7.5CVSS7.7AI score0.00508EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/25 10:15 a.m.20 views

CVE-2023-27257 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers...

7.5CVSS7.8AI score0.00695EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/25 10:13 a.m.14 views

CVE-2023-27256 Missing Authentication In IDAttend’s IDWeb Application

Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...

5.8CVSS5.6AI score0.00559EPSS
Exploits0References1
CVE
CVE
added 2023/10/25 10:8 a.m.51 views

CVE-2023-27255

The CVE concerns IDAttend’s IDWeb application, affected in version 3.1.052 and earlier. The vulnerability is an unauthenticated SQL injection in the DeleteRoomChanges method, allowing an attacker to extract or modify all data without authentication. Multiple connected sources align on the core is...

9.8CVSS9.9AI score0.00759EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/25 10:4 a.m.13 views

CVE-2023-27254 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00759EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 10:2 a.m.23 views

CVE-2023-26584 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS10AI score0.00556EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/25 10:2 a.m.16 views

CVE-2023-26583 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.1AI score0.00556EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 10:0 a.m.22 views

CVE-2023-26581 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS10AI score0.00556EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 9:49 a.m.24 views

CVE-2023-26580 Missing Authentication In IDAttend’s IDWeb Application

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers...

7.5CVSS7.8AI score0.00662EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/25 9:49 a.m.10 views

CVE-2023-26580 Missing Authentication In IDAttend’s IDWeb Application

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers...

7.5CVSS7.1AI score0.00662EPSS
Exploits0References1
Rows per page
Query Builder