3 matches found
CVE-2014-1942
Pearson eSIS Enterprise Student Information System contains a reflected XSS vulnerability in /aal/loginverification.aspx. The issue allows remote attackers to inject arbitrary script via unspecified vectors, potentially affecting the user’s browser context. The publicly available sources identify...
CVE-2014-1454
Pearson eSIS Enterprise Student Information System is affected by CVE-2014-1454, a stored XSS in the message board caused by improper validation of user input. The vulnerability allows injection of HTML/script into the browser context of other users, potentially enabling session hijacking or phis...
CVE-2014-1455
Pearson eSIS Enterprise Student Information System (vendor Pearson VUE) is affected by CVE-2014-1455 due to an SQL injection in the password-reset function. The vulnerability involves unsanitized input in the new password being used in an ALTER USER/SQL context, enabling an attacker to execute ar...