CVE-2019-17580

The CVE-2019-17580 entry corresponds to Tooonyy dormsystem prior to or at version 1.3, where a SQL injection vulnerability exists in admin.php due to lack of validation of externally-entered SQL statements. The connected records (CNVD-2020-14283, RH: CVE-2019-17580, OSV and CVE listings) corrobor...

CVE-2019-17581

The CVE-2019-17581 entry concerns the tonyy dormsystem web application (version 1.3 and earlier). The connected records consistently describe a DOM-based XSS vulnerability caused by insufficient validation of client-side data in the web interface, enabling execution of attacker-supplied script in...