65 matches found
Code-Projects Online Class and Exam Scheduling System 注入漏洞
Code-Projects Online Class and Exam Scheduling System is an online class and exam scheduling system from Code-Projects, Inc. An injection vulnerability exists in Code-Projects Online Class and Exam Scheduling System version 1.0, which stems from a parameter id in the file /pages/roomupdate.php th...
CVE-2023-36136
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account update user page allowing an attacker to capture all user names and passwords in clear text...
CVE-2023-36136
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account update user page allowing an attacker to capture all user names and passwords in clear text...
CVE-2023-36136
The CVE affects PHPJabbers Class Scheduling System 1.0. The issue is that password handling on the update user page lacks encryption, allowing an attacker to capture all usernames and passwords in clear text. This directly impacts confidentiality and enables credential exposure without requiring ...
Class Scheduling System Security Vulnerability
Class Scheduling System is a class scheduling system by jkev individual developers. A security vulnerability exists in PHPJabbers Class Scheduling System version 1.0, which stems from a lack of password encryption when editing a user account updating a user's page, which allows an attacker to...
CVE-2023-36136
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account update user page allowing an attacker to capture all user names and passwords in clear text...
CVE-2023-36134
In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...
CVE-2023-36135
User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-36137
There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...
CVE-2023-36135
User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
Design/Logic Flaw
User enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
Cross site scripting
There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...
Class Scheduling System Cross-Site Scripting Vulnerability
Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0 due to a cross-site scripting XSS vulnerability in the theme parameter of preview.php...
PT-2023-25447 · Phpjabbers · Phpjabbers Class Scheduling System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Class Scheduling System version 1.0 Description: The issue is related to a Cross Site Scripting XSS vulnerability. This vulnerability is found in the theme parameter of the "preview.php" file. Recommendations: For PHPJabbers Class...
CVE-2023-36137
CVE-2023-36137 affects PHPJabbers Class Scheduling System v1.0. The vulnerability is a Cross Site Scripting (XSS) in the theme parameter of preview.php. Root cause: untrusted input in the theme parameter can be reflected in the page, enabling script execution. According to the CVSS data, the impa...
Class Scheduling System Data Forgery Problem Vulnerability
Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0, which stems from a lack of authentication when changing email addresses or passwords, allowing a remote attacker to take over an account...
PT-2023-25444 · Phpjabbers · Phpjabbers Class Scheduling System
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Class Scheduling System version 1.0 Description: The issue concerns a lack of verification when changing an email address and/or password on the Profile Page, allowing remote attackers to take over accounts. Recommendations: For P...
CVE-2023-36134
CVE-2023-36134 affects PHP Jabbers Class Scheduling System 1.0. The issue is a lack of verification when changing an email address and/or password on the Profile Page, enabling remote attackers to take over accounts. No exploit vectors or affected versions beyond 1.0 are specified in the provided...
CVE-2023-36135
The CVE-2023-36135 issue affects PHPJabbers Class Scheduling System v1.0. During password recovery, a difference in responses between valid and invalid usernames enables user enumeration, which can facilitate brute-forcing existing accounts. The NVD entry and related sources confirm the affected ...
CVE-2023-36137
There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...