33 matches found
EUVD-2021-17052
Malware in sbrugna...
EUVD-2021-17053
Malware in sbrugna...
EUVD-2021-17051
Malware in sbrugna...
CVE-2021-30114
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
CVE-2021-30113
A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...
CVE-2021-30112
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a studentleaveapplication request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege...
Web-School ERP 跨站脚本漏洞
Web-School ERP is an application from Web-School India, Inc. An ERP application. A cross-site scripting vulnerability exists in Web-School ERP version 1.0, which stems from a cross-site scripting vulnerability in the username and password parameters of the /index.php page...
Web-School ERP Cross-Site Request Forgery Vulnerability (CNVD-2021-28279)
Web-School ERP is a school management software for schools and educational organizations. A cross-site request forgery vulnerability exists in Web-School ERP version 5.0. An attacker can exploit this vulnerability to create a studentleaveapplication request via...
Web-School ERP Cross-Site Scripting Vulnerability (CNVD-2021-28278)
Web-School ERP is a school management software for schools and educational organizations. A stored cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit the vulnerability to inject and execute JavaScript code...
Web-School ERP Cross-Site Scripting Vulnerability
Web-School ERP is a school management software for schools and educational organizations. A cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit this vulnerability to inject and execute JavaScript code, which...
Web-School ERP Cross-Site Request Forgery Vulnerability
Web-School ERP is a school management software for schools and educational organizations. A cross-site request forgery vulnerability exists in Web-School ERP version 5.0. An attacker can exploit this vulnerability to create a voucher payment request via module/accounting/voucher/create...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
CVE-2021-30112
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a studentleaveapplication request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege...
CVE-2021-30112
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a studentleaveapplication request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege...
CVE-2021-30114
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
CVE-2021-30113
A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...
CVE-2021-30113
A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...
Cross site scripting
A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...