7 matches found
CVE-2025-25953
CVE-2025-25953 affects Serosoft Solutions Pvt Ltd Academia Student Information System EagleR v1.0.118. The connected sources describe an Azure JWT access token exposure in EagleR, enabling authenticated attackers to escalate privileges and access sensitive information. The base CVSS v3.1 vector i...
CVE-2025-25952
Summary of CVE-2025-25952 (CISA/CVE listing) Affected product: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR, v1.0.118. Vulnerability: Insecure Direct Object References (IDOR) in the API endpoint "/getStudemtAllDetailsById?studentId=XX". Exploitation could allow an a...
CVE-2025-25950
CVE-2025-25950 affects Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118. The vulnerability is due to incorrect access control in the /rest/staffResource/update component, enabling creation and modification of user accounts, including Administrator accounts. Doc...
CVE-2025-27583
CVE-2025-27583 concerns Serosoft Solutions Academia Student Information System EagleR v1.0.118. The issue is incorrect access control in the REST endpoints /rest/staffResource/findAllUsersAcrossOrg (and related /create path) that allows creating and modifying user accounts, including Administrato...
CVE-2025-25951
CVE-2025-25951 affects Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118. The vulnerability is an information disclosure in the /rest/cb/executeBasicSearch component, permitting access to sensitive user information. CVSS v3.1 base score 7.5 (NETWORK, HIGH confid...
CVE-2025-27585
Technical details about CVE-2025-27585 are not provided in the connected documents. Please monitor for updates.
CVE-2025-27584
CVE-2025-27584 describes a stored XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118. The issue arises when an attacker injects a crafted payload into the First Name/Print Name/User ID parameters handled by the endpoint at /rest/staffResource...