Lucene search
K

4 matches found

NVD
NVD
added 2023/11/20 7:15 p.m.26 views

CVE-2023-38883

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...

6.1CVSS0.00631EPSS
Exploits0References3
OSV
OSV
added 2023/11/20 12:0 a.m.26 views

CVE-2023-38881

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendarid', 'schooldate', 'month' or 'year'...

6.1CVSS6.1AI score0.00623EPSS
Exploits0References5
NVD
NVD
added 2021/09/24 4:15 p.m.17 views

CVE-2021-40309

A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cpidmissattn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with...

8.8CVSS0.01763EPSS
Exploits1References3
CVE
CVE
added 2021/09/24 3:9 p.m.50 views

CVE-2021-40309

CVE-2021-40309 describes a SQL injection in OS4Ed’s OpenSIS 8.0, specifically in the TakeAttendance.php cp_id_miss_attn parameter. The vulnerability can be triggered by an authenticated user with access to the Take Attendance functionality, enabling an attacker to inject SQL queries. Connected so...

8.8CVSS8.8AI score0.01763EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder