Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Os4edOpensis9.0

8 matches found

CVE
CVEadded 2024/11/08 7:15 p.m.55 views

CVE-2024-51211

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands.

9.8CVSS7.9AI score0.04704EPSS
CVE
CVEadded 2023/11/20 7:15 p.m.35 views

CVE-2023-38881

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year'...

6.1CVSS6AI score0.00167EPSS
CVE
CVEadded 2023/11/20 7:15 p.m.29 views

CVE-2023-38879

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.

7.5CVSS7.4AI score0.16079EPSS
CVE
CVEadded 2023/11/20 7:15 p.m.29 views

CVE-2023-38885

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

8.8CVSS8.6AI score0.00375EPSS
CVE
CVEadded 2023/11/20 7:15 p.m.27 views

CVE-2023-38883

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.

6.1CVSS6AI score0.00167EPSS
CVE
CVEadded 2023/11/20 7:15 p.m.24 views

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" (e.g. "opensisBack...

9.8CVSS9.5AI score0.00137EPSS
CVE
CVEadded 2023/11/20 7:15 p.m.23 views

CVE-2023-38882

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'

6.1CVSS6AI score0.00167EPSS
CVE
CVEadded 2023/11/20 7:15 p.m.13 views

CVE-2023-38884

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/-'

7.5CVSS7.5AI score0.00356EPSS