33 matches found
EUVD-2021-17053
Malware in sbrugna...
EUVD-2021-17051
Malware in sbrugna...
EUVD-2021-17052
Malware in sbrugna...
CVE-2021-30114
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
CVE-2021-30113
A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...
CVE-2021-30112
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a studentleaveapplication request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege...
Web-School ERP 跨站脚本漏洞
Web-School ERP is an application from Web-School India, Inc. An ERP application. A cross-site scripting vulnerability exists in Web-School ERP version 1.0, which stems from a cross-site scripting vulnerability in the username and password parameters of the /index.php page...
Web-School ERP Cross-Site Scripting Vulnerability (CNVD-2021-28278)
Web-School ERP is a school management software for schools and educational organizations. A stored cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit the vulnerability to inject and execute JavaScript code...
Web-School ERP Cross-Site Request Forgery Vulnerability
Web-School ERP is a school management software for schools and educational organizations. A cross-site request forgery vulnerability exists in Web-School ERP version 5.0. An attacker can exploit this vulnerability to create a voucher payment request via module/accounting/voucher/create...
Web-School ERP Cross-Site Request Forgery Vulnerability (CNVD-2021-28279)
Web-School ERP is a school management software for schools and educational organizations. A cross-site request forgery vulnerability exists in Web-School ERP version 5.0. An attacker can exploit this vulnerability to create a studentleaveapplication request via...
Web-School ERP Cross-Site Scripting Vulnerability
Web-School ERP is a school management software for schools and educational organizations. A cross-site scripting vulnerability exists in the Activity Name and Description fields in Web-School ERP version 5.0. An attacker can exploit this vulnerability to inject and execute JavaScript code, which...
CVE-2021-30112
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a studentleaveapplication request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege...
CVE-2021-30114
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
CVE-2021-30113
A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...
CVE-2021-30112
Web-School ERP V 5.0 contains a cross-site request forgery CSRF vulnerability that allows a remote attacker to create a studentleaveapplication request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege...
CVE-2021-30113
A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...
Cross site scripting
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...