168 matches found
CVE-2024-33992 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'...
CVE-2024-33992
CVE-2024-33992 is a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0. The flaw allows an attacker to craft a query to the server and retrieve all stored data through the view parameter in /student/index.php. Connected sources corroborate the vulnerability and recomm...
CVE-2024-33990 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters ...
CVE-2024-33990
CVE-2024-33990 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0 . The issue can be triggered by an authenticated user who receives a specially crafted payload via the id and view parameters in /user/index.php , allowing an attacker to partially take over...
CVE-2024-33986 Cross-Site Scripting (XSS) vulnerability in Janobe products
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in...
CVE-2024-33986
The CVE-2024-33986 issue is a Cross-Site Scripting (XSS) vulnerability in Janobe-based School Attendance Monitoring System and School Event Management System (version 1.0). The root cause is untrusted input in the web interface that can be injected via the View parameter in /department/index.php,...
CVE-2024-33985 Cross-Site Scripting (XSS) vulnerability in Janobe products
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php...
CVE-2024-33985 Cross-Site Scripting (XSS) vulnerability in Janobe products
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php...
CVE-2024-33985
CVE-2024-33985 is a Cross-Site Scripting (XSS) vulnerability in Janobe’s School Attendance Monitoring System and School Event Management System (version 1.0). A crafted URL can cause the victim to disclose session cookies via the View parameter in /course/index.php. Documents confirm affected pro...
CVE-2024-33977
Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'...
CVE-2024-33975
Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.ph...
CVE-2024-33977 Cross-site Scripting in Janobe E-Negosyo System
Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session cookie details via 'view' parameter in /admin/orders/index.php'...
CVE-2024-33975 Cross-site Scripting in Janobe E-Negosyo System
Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.ph...
School Event Management System 跨站脚本漏洞
School Event Management System is a school event management system. A cross-site scripting vulnerability exists in School Event Management System version 1.0. An attacker can create a specially crafted URL and send it to a victim to obtain their session details via the "view" parameter in...
Young Entrepreneur E-Negosyo System 跨站脚本漏洞
Young Entrepreneur E-Negosyo System is a Young Entrepreneur E-Negosyo System by janobe individual developers. A cross-site scripting vulnerability exists in Young Entrepreneur E-Negosyo System version 1.0. An attacker can create a specially crafted URL and send it to a victim to obtain their...
PT-2024-25625 · Unknown · School Management System
Name of the Vulnerable Software and Affected Versions: School Event Management System version 1.0 Description: The issue is related to a Cross-Site Scripting XSS vulnerability. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the view...
PT-2024-25597 · Paypal · Paypal
Name of the Vulnerable Software and Affected Versions: Payment system versions 1.0 Description: A SQL injection issue affects the PayPal, Credit Card, and Debit Card Payment system. An attacker could exploit this by sending a specially crafted query to the server, allowing them to retrieve all...
School Attendance Monitoring System和School Event Management System 跨站脚本漏洞
School Event Management System is a school event management system and School Attendance Monitoring System is a school attendance monitoring system. A cross-site scripting vulnerability exists in School Attendance Monitoring System and School Event Management System version 1.0. An attacker can...
Young Entrepreneur E-Negosyo System 跨站脚本漏洞
Young Entrepreneur E-Negosyo System is a Young Entrepreneur E-Negosyo System by janobe individual developers. A cross-site scripting vulnerability exists in Young Entrepreneur E-Negosyo System version 1.0. An attacker can use this vulnerability to send a specially crafted JavaScript load to a use...
School Event Management System 安全漏洞
School Event Management System is a school event management system. A security vulnerability exists in School Event Management System version 1.0. The vulnerability can be exploited to send a specially crafted JavaScript load to a user to take over their browser session via the "id" and "view in...