Lucene search
K
Online Examination System ProjectOnline Examination System

7 matches found

CVE
CVE
added 2023/11/02 1:42 a.m.55 views

CVE-2023-45111

Online Examination System v1.0 contains unauthenticated SQL injection vulnerabilities in feed.php, caused by improper validation/escaping of the email parameter. This vulnerability (CVE-2023-45111) is reported across multiple sources, with the weakness described as unfiltered input reaching the d...

9.8CVSS10AI score0.007EPSS
CVE
CVE
added 2020/12/09 10:18 p.m.48 views

CVE-2020-29257

CVE-2020-29257: Cross-site scripting in Online Examination System 1.0 (SourceCodester Online Examination System) via the q parameter to feedback.php. Root cause: user input in q is not properly filtered, enabling injection of JavaScript that can execute in the victim’s browser. Documented impact:...

6.1CVSS6AI score0.00692EPSS
CVE
CVE
added 2020/12/09 10:34 p.m.45 views

CVE-2020-29259

CVE-2020-29259 is a cross-site scripting (XSS) vulnerability in Online Examination System 1.0, exploitable via the subject or feedback parameter to feedback.php. The root cause is insufficient input validation/ sanitization of user-supplied data, enabling attacker-controlled script execution in t...

5.4CVSS5.3AI score0.00665EPSS
CVE
CVE
added 2021/05/24 12:41 p.m.38 views

CVE-2020-26006

Project Worlds Online Examination System 1.0 is vulnerable to Cross-Site Scripting (XSS) via account.php. Multiple sources (NVD CVE-2020-26006; CNVD/CNNVD entries) confirm an XSS vulnerability in this version, enabling injection of malicious JavaScript to execute in a user’s browser and potential...

6.1CVSS6AI score0.00685EPSS
CVE
CVE
added 2020/12/09 10:22 p.m.38 views

CVE-2020-29258

CVE-2020-29258 is an XSS vulnerability in Online Examination System 1.0, exploitable via the w parameter in index.php. The affected component is the web application’s index.php handling the w query parameter, enabling attacker-supplied script to be reflected to the user. Documented impact is clie...

6.1CVSS6AI score0.00677EPSS
CVE
CVE
added 2023/07/07 12:0 a.m.38 views

CVE-2023-36256

CVE-2023-36256 affects The Online Examination System Project 1.0. The vulnerability is a CSRF flaw where an attacker can craft a malicious link that, when clicked by an admin, deletes a user account from the database via a URL parameter (email). This can cause data loss and does not require admin...

6.5CVSS6.5AI score0.00382EPSS
CVE
CVE
added 2021/05/24 12:40 p.m.37 views

CVE-2020-25411

CVE-2020-25411 : Projectworlds Online Examination System 1.0 is vulnerable to Cross-Site Request Forgery (CSRF) , allowing a remote attacker to delete an existing user. Connected documents corroborate the CSRF root cause and the impact as user deletion. No concrete technical details (endpoints, p...

6.5CVSS6.4AI score0.00658EPSS