Jenzabar 9.2x-9.2.2 - Cross-Site Scripting

Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query. id: CVE-2021-26723 info: name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting author: pikpikcu severity: medium description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting...

EUVD-2020-29301

Malware in sbrugna...

EUVD-2018-8578

Malware in sbrugna...

EUVD-2019-2075

Malware in sbrugna...

EUVD-2019-2076

Malware in sbrugna...

CVE-2021-26723

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search= XSS...

CVE-2020-8434

Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...

CVE-2019-10011

ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS aka Internet Campus Solution before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234...

CVE-2019-10012

Jenzabar JICS aka Internet Campus Solution before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager for .NET plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer...

Jenzabar 9.2.2 - 'query' Reflected XSS.

Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS. Date: 2021–02–06 Exploit Author: y0ungdst Vendor Homepage: https://jenzabar.com Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 and maybe other versions Tested on: Windows 10 CVE : CVE-2021–26723 -Description: A Reflected Cross-site scripting XSS...

Duplicate numbering

Jenzabar is a website builder system for building and managing student information platforms from Jenzabar, USA. This number is duplicated with CNNVD-202102-567, the related content has been deleted, please refer to the information of CNNVD-202102-567...

CVE-2021-26723

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS...

CVE-2021-26723

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS...

Cross site scripting

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS...

CVE-2021-26723

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS...

CVE-2021-26723

Summary: CVE-2021-26723 affects Jenzabar 9.2.x up to 9.2.2 and is a reflected XSS via the /ics?tool=search&query parameter. The public sources describe an input vector that can inject JavaScript into the victim’s browser, with potential impacts including session hijacking, defacement, or theft of...

Jenzabar 9.2.2 Cross Site Scripting

Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS. Date: 2021–02–06 Exploit Author: y0ungdst Vendor Homepage: https://jenzabar.com Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 and maybe other versions Tested on: Windows 10 CVE : CVE-2021–26723 -Description: A Reflected Cross-site scripting XSS...

Jenzabar Cross-Site Scripting Vulnerability

Jenzabar is a website builder from Jenzabar, Inc. that is used to build platforms for managing student information. Jenzabar 9.2.x through 9.2.2 suffers from a cross-site scripting vulnerability that originates from /ics?tool=search&query=...

CVE-2020-8434

Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...

CVE-2020-8434

Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...