Lucene search
K

242 matches found

Prion
Prion
added 2023/10/25 6:17 p.m.13 views

Authentication flaw

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers...

5CVSS7.6AI score0.00695EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.12 views

Sql injection

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

6.4CVSS9.6AI score0.00556EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.14 views

Sql injection

Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

6.4CVSS9.6AI score0.00556EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.15 views

Sql injection

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

6.4CVSS9.6AI score0.00556EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.14 views

Authentication flaw

Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers...

5CVSS5.4AI score0.00526EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.19 views

Cross site scripting

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...

5.8CVSS6AI score0.00444EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.16 views

Authentication flaw

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers...

5CVSS7.7AI score0.00603EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.15 views

Sql injection

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

6.4CVSS9.6AI score0.00556EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.16 views

Authentication flaw

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers...

5CVSS7.7AI score0.00508EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.16 views

Sql injection

Unauthenticated SQL injection in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

6.4CVSS9.6AI score0.00759EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.14 views

Authentication flaw

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers...

5CVSS7.7AI score0.00508EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.11 views

Authentication flaw

Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...

5CVSS5.5AI score0.00559EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.12 views

Sql injection

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

6.4CVSS9.6AI score0.00759EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/25 6:17 p.m.14 views

Authentication flaw

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials...

6.4CVSS9.1AI score0.00724EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/25 10:28 a.m.9 views

CVE-2023-1356 Reflected Cross-site Scripting In IDAttend’s IDWeb Application

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...

7.5CVSS6.3AI score0.00444EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/25 10:28 a.m.23 views

CVE-2023-1356 Reflected Cross-site Scripting In IDAttend’s IDWeb Application

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link...

7.5CVSS7.3AI score0.00444EPSS
Exploits0References1
CVE
CVE
added 2023/10/25 10:28 a.m.44 views

CVE-2023-1356

CVE-2023-1356 affects IDAttend IDWeb (versions 3.1.052 and earlier) with a reflected cross-site scripting vulnerability in the StudentSearch component. The root cause is reflected XSS that enables session hijacking when a user clicks a malicious link. Impact is session hijack capability; potentia...

7.5CVSS6.2AI score0.00444EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/25 10:25 a.m.19 views

CVE-2023-27262 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS10AI score0.00759EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/25 10:25 a.m.11 views

CVE-2023-27262 Unauthenticated SQL Injection In IDAttend’s IDWeb Application

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...

9.8CVSS8.4AI score0.00759EPSS
Exploits0References1
CVE
CVE
added 2023/10/25 10:25 a.m.42 views

CVE-2023-27262

Vulnerability (CVE-2023-27262) : Unauthenticated SQL injection in the GetAssignmentsDue method of IDAttend’s IDWeb application (versions up to 3.1.052) allows unauthenticated attackers to read/modify data. Affects: IDWeb; root cause: improper SQL handling in GetAssignmentsDue. Impact: high confid...

9.8CVSS9.9AI score0.00759EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder