17 matches found
EUVD-2021-29304
Malicious code in bioql PyPI...
ShinHer StudyOnline System Licensing Issue Vulnerability (CNVD-2021-101182)
ShinHer StudyOnline System is a school system from ShinHer, China. ShinHer StudyOnline System is vulnerable to an authorization issue, which stems from the fact that the teacher editing function of ShinHer StudyOnline System is not controlled by permissions. An attacker could use this vulnerabili...
ShinHer StudyOnline System Licensing Issue Vulnerability (CNVD-2021-101183)
ShinHer StudyOnline System is a school system from ShinHer, a Chinese company. ShinHer StudyOnline System is vulnerable to an authorization issue that stems from the Study Edit feature of ShinHer StudyOnline System without permission control. An attacker could use this vulnerability to access and...
CVE-2021-42332
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...
CVE-2021-42332
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters...
CVE-2021-42329
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
CVE-2021-42329
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
CVE-2021-42331
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters...
CVE-2021-42331
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters...
Cross site scripting
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
Design/Logic Flaw
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...
CVE-2021-42331
CVE-2021-42331 affects ShinHer StudyOnline System: the Study Edit function lacks permission checks, allowing an authenticated user to craft URL parameters to access and edit other users’ tutorial schedules. Documented impact is authorization bypass with potential for modification of schedules; no...
CVE-2021-42329 ShinHer Information Co., LTD. ShinHer StudyOnline System - Stored XSS
The “ListAdd” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks...
ShinHer StudyOnline System Security Vulnerability
ShinHer StudyOnline System is a school administration system from ShinHer, China. " feature is not controlled by permissions. An attacker could use this vulnerability to access other users' message board content by setting URL parameters after logging in with user privileges...
PT-2021-23573 · Unknown · Shinher Studyonline System
Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "Teacher Edit" function, which lacks authority control. After logging in with a user's privilege, remote attackers can access and edit other users'...
PT-2021-23575 · Unknown · Shinher Studyonline System
Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "List View" function not being under authority control, allowing remote attackers to access other users' message board content by manipulating URL...
PT-2021-23574 · Unknown · Shinher Studyonline System
Name of the Vulnerable Software and Affected Versions: ShinHer StudyOnline System affected versions not specified Description: The issue concerns the "Study Edit" function, which lacks proper permission control. This allows remote attackers to access and edit other users' tutorial schedules by...