26 matches found
EUVD-2026-16660
A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...
CVE-2026-5010
A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...
CVE-2026-5010 Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu
A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...
CVE-2026-5010
A reflected XSS vulnerability in Sanoma’s Clickedu is triggered via the /user.php/ endpoint. An attacker can lure a user to a malicious URL, causing JavaScript to run in the victim’s browser. Impact described includes potential theft of session cookies or performing actions on behalf of the user....
CVE-2026-5010 Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu
A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...
CVE-2026-5010
A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...
PT-2026-28724
A reflected Cross-Site Scripting XSS vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be exploited to steal sensitive user...
CVE-2026-2247
CVE-2026-2247 describes an SQL injection in Clicldeu SaaS during report generation via the mobile app’s Day-to-day section. The vulnerability arises when a previously authenticated remote attacker uses a malicious payload in the URL generated after downloading a student’s report card, with the PD...
CVE-2026-2247 SQL Injection in Clickedu's SaaS platform
SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...
CVE-2026-2247 SQL Injection in Clickedu's SaaS platform
SQL injection vulnerability SQLi in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student's report card in the ‘Day-to-day’ section from the mobile...
CVE-2025-41070
Reflected Cross-site Scripting XSS vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetesvaries.php'. This vulnerability can be exploited to steal sensitive user data, such...
CVE-2025-41070
Reflected Cross-site Scripting XSS vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetesvaries.php'. This vulnerability can be exploited to steal sensitive user data, such...
EUVD-2025-199980
Reflected Cross-site Scripting XSS vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetesvaries.php'. This vulnerability can be exploited to steal sensitive user data, such...
CVE-2025-41070 Reflected Cross-site Scripting (XSS) in Sanoma's Clickedu
Reflected Cross-site Scripting XSS vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetesvaries.php'. This vulnerability can be exploited to steal sensitive user data, such...
CVE-2025-41070
CVE-2025-41070 describes a reflected XSS in Sanoma’s Clickedu. The vulnerability exists in the web path /students/carpetes_varies.php , enabling an attacker to execute JavaScript in a victim’s browser, potentially stealing session cookies or performing actions on behalf of the user. Connected sou...
CVE-2025-41070 Reflected Cross-site Scripting (XSS) in Sanoma's Clickedu
Reflected Cross-site Scripting XSS vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetesvaries.php'. This vulnerability can be exploited to steal sensitive user data, such...
PT-2025-48436
Reflected Cross-site Scripting XSS vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetes varies.php'. This vulnerability can be exploited to steal sensitive user data, suc...
Sanoma Clickedu 跨站脚本漏洞
Sanoma Clickedu is a comprehensive education management software platform from the Finnish company Sanoma. A cross-site scripting vulnerability exists in Sanoma Clickedu, which stems from reflected cross-site scripting in /students/carpetesvaries.php, which could lead to the execution of maliciou...
EUVD-2025-27973
Malicious code in bioql PyPI...
CVE-2025-40650
Insecure Direct Object Reference IDOR vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards...