30 matches found
CVE-2023-49981
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...
CVE-2023-49985
A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...
CVE-2023-51800
Cross Site Scripting XSS vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the mainsettings component in the phone, address, bank, accname, accnumber parameters, newclass and cname parameter, addnewparent function in t...
CVE-2023-49983
A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
CVE-2023-49985
A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...
School Fees Management System 安全漏洞
School Fees Management System is a tuition management system. A security vulnerability exists in School Fees Management System version v1.0 that originates from a broken access control in /admin/management/users...
Improper access control
Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts...
Cross site scripting
A cross-site scripting XSS vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
CVE-2023-49987
A cross-site scripting XSS vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter...
CVE-2023-49986
A cross-site scripting XSS vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
CVE-2023-49986
A cross-site scripting XSS vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
Cross site scripting
A cross-site scripting XSS vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
School Fees Management System Security Breach
School Fees Management System is a tuition management system. A security vulnerability exists in School Fees Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload that injects the name parameter...
CVE-2023-49987
A cross-site scripting XSS vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter...
CVE-2023-49986
The CVE-2023-49986 entry describes an XSS vulnerability in School Fees Management System 1.0, specifically in the /admin/parent component where a crafted payload placed in the name parameter can cause arbitrary web scripts/HTML to run. Root cause is unvalidated input in the name field leading to ...
CVE-2023-49987
A cross-site scripting XSS vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter...
CVE-2023-49987
CVE-2023-49987 affects School Fees Management System v1.0, with a cross-site scripting (XSS) flaw in the /management/term component where a crafted payload placed in the tname parameter can execute arbitrary script/HTML. Root cause: input handling in tname allows script execution. Impact: potenti...
CVE-2023-49985
A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...
CVE-2023-49983
A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
CVE-2023-49981
A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization...