7 matches found
CVE-2023-49987
CVE-2023-49987 affects School Fees Management System v1.0, with a cross-site scripting (XSS) flaw in the /management/term component where a crafted payload placed in the tname parameter can execute arbitrary script/HTML. Root cause: input handling in tname allows script execution. Impact: potenti...
CVE-2023-49986
The CVE-2023-49986 entry describes an XSS vulnerability in School Fees Management System 1.0, specifically in the /admin/parent component where a crafted payload placed in the name parameter can cause arbitrary web scripts/HTML to run. Root cause is unvalidated input in the name field leading to ...
CVE-2023-49985
The CVE-2023-49985 entry concerns a cross-site scripting (XSS) flaw in the School Fees Management System v1.0, specifically in the /management/class component, where an attacker can inject arbitrary web scripts via the cname parameter. The Red Hat/NVD/CNNVD/PRION and related entries confirm the v...
CVE-2023-49983
CVE-2023-49983 is an XSS vulnerability in the School Fees Management System v1.0, affecting the /management/class component. The issue allows an attacker to inject arbitrary web scripts or HTML through the name parameter, with impact described as high confidentiality impact and low integrity/avai...
CVE-2023-49981
The vulnerability CVE-2023-49981 affects School Fees Management System v1.0 and is a directory listing flaw caused by an improper access control/logic that allows unauthenticated users to enumerate directories and sensitive files. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK attack vector,...
CVE-2023-49984
The CVE-2023-49984 entry affects School Fees Management System v1.0, with an XSS vulnerability in the /management/settings component. The issue allows attackers to inject arbitrary web scripts or HTML via the name parameter, enabling potential script execution. The vulnerability is documented acr...
CVE-2023-49982
CVE-2023-49982 affects School Fees Management System v1.0, specifically the vulnerable component at /admin/management/users. The root cause is broken access control that allows an attacker to escalate privileges and perform administrative actions, including adding and deleting user accounts. The ...