8 matches found
CVE-2020-10540
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules...
CVE-2020-22453
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information...
Untis WebUntis Cross-Site Scripting Vulnerability
Untis WebUntis is an individual developer's is a tool for schools to publish electronic timetables like students. A cross-site scripting vulnerability exists in Untis WebUntis versions prior to 2020.9.6, which stems from a lack of proper validation of client-side data by the web application. An...
CVE-2020-22453
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information...
CVE-2020-22453
Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information...
CVE-2020-22453
Untis WebUntis before 2020.9.6 is affected by a Cross-Site Scripting (XSS) vulnerability in multiple functions that store information, arising from lack of proper validation of client-side data. This can allow execution of client-side code. The issue is addressed by upgrading to version 2020.9.6 ...
CVE-2020-10540
CVE-2020-10540 affects Untis WebUntis prior to version 2020.9.6 and is characterized by a CSRF vulnerability for certain combinations of rights and modules. The NVD records a CVSS v3.1 base score of 8.8 (HIGH) with NETWORK attack vector, LOW complexity, no privileges required, and user interactio...
CVE-2020-10540
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules...