Lucene search
+L
SerosoftAcademia Student Information System

7 matches found

CVE
CVE
added 2025/03/03 12:0 a.m.121 views

CVE-2025-25953

CVE-2025-25953 affects Serosoft Solutions Pvt Ltd Academia Student Information System EagleR v1.0.118. The connected sources describe an Azure JWT access token exposure in EagleR, enabling authenticated attackers to escalate privileges and access sensitive information. The base CVSS v3.1 vector i...

6.5CVSS6.9AI score0.00364EPSS
CVE
CVE
added 2025/03/03 12:0 a.m.114 views

CVE-2025-25952

Summary of CVE-2025-25952 (CISA/CVE listing) Affected product: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR, v1.0.118. Vulnerability: Insecure Direct Object References (IDOR) in the API endpoint "/getStudemtAllDetailsById?studentId=XX". Exploitation could allow an a...

6.5CVSS6AI score0.00336EPSS
CVE
CVE
added 2025/03/03 12:0 a.m.73 views

CVE-2025-25950

CVE-2025-25950 affects Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118. The vulnerability is due to incorrect access control in the /rest/staffResource/update component, enabling creation and modification of user accounts, including Administrator accounts. Doc...

8.1CVSS6.6AI score0.00336EPSS
CVE
CVE
added 2025/03/03 12:0 a.m.69 views

CVE-2025-27583

CVE-2025-27583 concerns Serosoft Solutions Academia Student Information System EagleR v1.0.118. The issue is incorrect access control in the REST endpoints /rest/staffResource/findAllUsersAcrossOrg (and related /create path) that allows creating and modifying user accounts, including Administrato...

9.1CVSS6.6AI score0.00327EPSS
CVE
CVE
added 2025/03/03 12:0 a.m.67 views

CVE-2025-25951

CVE-2025-25951 affects Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118. The vulnerability is an information disclosure in the /rest/cb/executeBasicSearch component, permitting access to sensitive user information. CVSS v3.1 base score 7.5 (NETWORK, HIGH confid...

7.5CVSS6AI score0.0041EPSS
CVE
CVE
added 2025/03/03 12:0 a.m.61 views

CVE-2025-27585

Technical details about CVE-2025-27585 are not provided in the connected documents. Please monitor for updates.

5.4CVSS5.4AI score0.00201EPSS
Web
CVE
CVE
added 2025/03/03 12:0 a.m.57 views

CVE-2025-27584

CVE-2025-27584 describes a stored XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118. The issue arises when an attacker injects a crafted payload into the First Name/Print Name/User ID parameters handled by the endpoint at /rest/staffResource...

5.4CVSS5.6AI score0.00201EPSS
Web