CVE-2023-28347

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console...

CVE-2023-28347

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console...

CVE-2023-28350

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged...

Faronics Insight 访问控制错误漏洞

Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which originates from the creation of a specially crafted program with functionality similar to the Teacher's Console, which can write arbitrary...

CVE-2023-28349

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be...

CVE-2023-28348

An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students...

CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...

CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...

Faronics Insight 安全漏洞

Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which stems from the fact that private interfaces such as /login, /consoleSettings, /console, etc. can be accessed and perform privileged...

Faronics Insight 安全漏洞

Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045 that originates from exposing a teacher's console password in plaintext via an API endpoint accessible from the local host...

CVE-2023-28351

Summary: CVE-2023-28351 affects Faronics Insight 10.0.19045 (Windows) where every keystroke by any user on a system with the Student application is logged to a world‑readable directory. A local attacker can trivially access these cleartext keystrokes, enabling potential collection of PII and comp...

Faronics Insight 安全漏洞

Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which stems from discovering the system through misuse of Insight UDP broadcasts, which allows the student's end to connect and attack the...

CVE-2023-28351

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain...

CVE-2023-28346

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact wit...

CVE-2023-28344

The CVE-2023-28344 issue affects Faronics Insight 10.0.19045 on Windows. The root cause is insufficient access control when handling the agent id parameter in the Insight Teacher Console, allowing unauthenticated attackers to view constantly updated screenshots of student desktops and to submit f...

CVE-2023-28350

The CVE-2023-28350 issue affects Faronics Insight version 10.0.19045 on Windows, where attacker-supplied input is rendered in both the Teacher and Student Console applications without proper validation/sanitization. This enables cross-site scripting (XSS) in the consoles, and due to the Teacher C...

Faronics Insight 安全漏洞

Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which originates from a man-in-the-middle attack executed against a connected student or teacher that can intercept a student's keystrokes or...

CVE-2023-28345

CVE-2023-28345 affects Faronics Insight 10.0.19045 on Windows, where the Insight Teacher Console exposes the teacher’s password in cleartext via a localhost API endpoint. An attacker with physical access can open a browser, access the endpoint, and obtain the password, enabling login to the Teach...

CVE-2023-28348

The CVE-2023-28348 entry affects Faronics Insight version 10.0.19045. The root cause is unencrypted storage in the Teacher Console and Student Console components, enabling a nearby attacker to perform a man-in-the-middle attack by sending specially crafted HTTP requests to port 8890, intercepting...

CVE-2023-28348

An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students...