Idweb Security Vulnerabilities and Issues — Idweb CVE List

Lucene search

IdattendIdweb

14 matches found

CVE•added 2023/10/25 6:17 p.m.•31 views

CVE-2023-27377

Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

7.5CVSS7.7AI score0.00307EPSS

CVE•added 2023/10/25 6:17 p.m.•29 views

CVE-2023-26571

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.

7.5CVSS7.7AI score0.00237EPSS

CVE•added 2023/10/25 6:17 p.m.•29 views

CVE-2023-26575

Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.

7.5CVSS7.7AI score0.00061EPSS

CVE•added 2023/10/25 6:17 p.m.•29 views

CVE-2023-27375

Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

7.5CVSS7.7AI score0.00307EPSS

CVE•added 2023/10/25 6:17 p.m.•27 views

CVE-2023-26580

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.

7.5CVSS7.6AI score0.00256EPSS

CVE•added 2023/10/25 6:17 p.m.•26 views

CVE-2023-1356

Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.

7.5CVSS6.2AI score0.00256EPSS

CVE•added 2023/10/25 6:17 p.m.•26 views

CVE-2023-26577

Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.

7.5CVSS5.8AI score0.00237EPSS

CVE•added 2023/10/25 6:17 p.m.•26 views

CVE-2023-27376

Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.

7.5CVSS7.7AI score0.00307EPSS

CVE•added 2023/10/25 6:17 p.m.•25 views

CVE-2023-26576

Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

7.5CVSS7.7AI score0.00307EPSS

CVE•added 2023/10/25 6:17 p.m.•25 views

CVE-2023-27258

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.

7.5CVSS7.7AI score0.00466EPSS

CVE•added 2023/10/25 6:17 p.m.•24 views

CVE-2023-26574

Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

7.5CVSS7.7AI score0.00307EPSS

CVE•added 2023/10/25 6:17 p.m.•23 views

CVE-2023-27259

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.

7.5CVSS7.7AI score0.00466EPSS

CVE•added 2023/10/25 6:17 p.m.•22 views

CVE-2023-26570

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

7.5CVSS7.7AI score0.00307EPSS

CVE•added 2023/10/25 6:17 p.m.•22 views

CVE-2023-27257

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.

7.5CVSS7.7AI score0.00357EPSS