4 matches found
CVE-2023-38883
A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...
CVE-2023-38881
A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...
CVE-2021-40309
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cpidmissattn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with...
CVE-2021-40309
CVE-2021-40309 describes a SQL injection in OS4Ed’s OpenSIS 8.0, specifically in the TakeAttendance.php cp_id_miss_attn parameter. The vulnerability can be triggered by an authenticated user with access to the Take Attendance functionality, enabling an attacker to inject SQL queries. Connected so...