794 matches found
CVE-2024-45057
The CVE-2024-45057 entry describes a Reflected Cross-Site Scripting (XSS) vulnerability in i-Educar prior to v2.9. The issue arises from insufficient validation/sanitization of user-controlled input in the dynamic generation of HTML fields, specifically in the file intranet/include/clsCampos.inc....
CVE-2024-45057 Reflected Cross-Site Scripting in i-Educar
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting XSS vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at...
CVE-2024-45057 Reflected Cross-Site Scripting in i-Educar
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting XSS vulnerability was identified in the dynamic generation of HTML fields prior to the 2.9 branch. The file located at...
Portábilis i-Educar 安全漏洞
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. Portábilis i-Educar has a security vulnerability that stems from the ability to change its user type to administrator...
Portábilis i-Educar 安全漏洞
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar that stems from not validating user input...
Portábilis i-Educar 安全漏洞
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A security vulnerability exists in Portábilis i-Educar, which stems from the fact that lack of cleanup of user-controlled parameters used to dynamically generate HTML field values can...
PT-2024-31410 · I-Educar · I-Educar
Name of the Vulnerable Software and Affected Versions: i-Educar versions prior to 2.9 Description: A SQL Injection vulnerability was found in the ieducar/intranet/funcionario vinculo det.php file, which creates the query by concatenating the unsanitized GET parameter cod func, allowing the attack...
PT-2024-31409 · I-Educar · I-Educar
Name of the Vulnerable Software and Affected Versions: i-Educar versions prior to 2.9 Description: The issue allows an attacker with minimal viewing privileges in the settings section to change their user type to Administrator or another type with super-permissions. This can be achieved through a...
CVE-2023-5578
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agendaimprimir.php of the component HTTP GET Request Handler. The manipulation of the argument codagenda with the inp...
CVE-2023-5578
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agendaimprimir.php of the component HTTP GET Request Handler. The manipulation of the argument codagenda with the inp...
Cross site scripting
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agendaimprimir.php of the component HTTP GET Request Handler. The manipulation of the argument codagenda with the inp...
CVE-2023-5578 Portábilis i-Educar HTTP GET Request agenda_imprimir.php cross site scripting
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agendaimprimir.php of the component HTTP GET Request Handler. The manipulation of the argument codagenda with the inp...
CVE-2023-5578
CVE-2023-5578 affects Portábilis i-Educar up to 2.7.5. The vulnerability is a cross-site scripting flaw in the HTTP GET Request Handler, specifically in the file intranet\agenda_imprimir.php, where the cod_agenda parameter can be injected with a payload like );'> . Remote exploitation is possi...
Portábilis i-Educar Cross-Site Scripting Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. A cross-site scripting vulnerability exists in Portábilis i-Educar version 2.7.5, which originates from the presence of an unknown function in the file intranetagendaimprimir.php in t...