33 matches found
EUVD-2021-29306
Malicious code in bioql PyPI...
EUVD-2021-29304
Malicious code in bioql PyPI...
EUVD-2021-29303
Malicious code in bioql PyPI...
ShinHer StudyOnline System License Issue Vulnerability
ShinHer StudyOnline System is a school administration system from ShinHer, China. " feature is not controlled by permissions. An attacker could use this vulnerability to access other users' message board content by setting URL parameters after logging in with user privileges...
ShinHer StudyOnline System Cross-Site Scripting Vulnerability
ShinHer StudyOnline System is a school administration system from ShinHer, a Chinese company. special characters in the title parameter. An attacker could use this vulnerability to inject JavaScript and execute a stored XSS attack after logging in with user privileges...
ShinHer StudyOnline System Licensing Issue Vulnerability (CNVD-2021-101182)
ShinHer StudyOnline System is a school system from ShinHer, China. ShinHer StudyOnline System is vulnerable to an authorization issue, which stems from the fact that the teacher editing function of ShinHer StudyOnline System is not controlled by permissions. An attacker could use this vulnerabili...
ShinHer StudyOnline System Licensing Issue Vulnerability (CNVD-2021-101183)
ShinHer StudyOnline System is a school system from ShinHer, a Chinese company. ShinHer StudyOnline System is vulnerable to an authorization issue that stems from the Study Edit feature of ShinHer StudyOnline System without permission control. An attacker could use this vulnerability to access and...
CVE-2021-42330
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...
CVE-2021-42332
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...
CVE-2021-42329
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
CVE-2021-42331
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters...
Cross site scripting
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
Design/Logic Flaw
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...
Design/Logic Flaw
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...
CVE-2021-42332
CVE-2021-42332 : The ShinHer StudyOnline System exposes a protected resource via the List View function not under proper authority control. After logging in with standard user privileges, an attacker can craft URL parameters to access other users’ message board content. This is described consiste...
CVE-2021-42332 ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-3
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...