7 matches found
CVE-2023-39094
CVE-2023-39094 affects ZeroWdd studentmanager v1.0. The vulnerability is a cross-site scripting flaw in the student list function, exploited through the username parameter. Root cause: unsanitized input leading to script execution in the context of the victim. Documented impact: remote attackers ...
CVE-2025-3587
CVE-2025-3587 affects ZeroWdd/code-projects studentmanager version 1.0. The vulnerability involves improper authorization in the /getTeacherList file, allowing a remote attacker to exploit it. Public disclosures imply exploitable conditions. CVSS base impact ratings from sources include High conf...
CVE-2024-13143
CVE-2024-13143 affects ZeroWdd studentmanager 1.0. The issue is in the submitAddPermission function of PermissionController.java, where the argument url can be manipulated to trigger cross-site scripting. Attacks could be remote, and public exploits have been disclosed. Other parameters may also ...
CVE-2024-13133
CVE-2024-13133 affects ZeroWdd’s studentmanager 1.0, specifically the addStudent/editStudent methods in src/main/Java/com/wdd/studentmanager/controller/StudentController.java. The root cause is manipulation of the file argument, enabling unrestricted file upload. This could be exploited remotely ...
CVE-2024-13142
CVE-2024-13142 affects ZeroWdd studentmanager 1.0. The vulnerability resides in the RoleController.java file (submitAddRole function) where manipulation of the argument name enables cross-site scripting. Impact is remote exploitation with potential user-initialized content execution; no exploit v...
CVE-2024-13134
ZeroWdd studentmanager 1.0 is affected by a vulnerability in the addTeacher/editTeacher function of src/main/Java/com/wdd/studentmanager/controller/TeacherController.java. Manipulating the file argument enables unrestricted uploads, enabling remote exploitation. Public exploits have been disclose...
CVE-2026-2201
CVE-2026-2201 affects ZeroWdd studentmanager. The flaw is in LeaveController.addLeave where manipulating the Reason for Leave parameter triggers cross-site scripting. Attack may be remote; exploit disclosed publicly. No specific affected version information is provided; project has not been activ...