Lucene search
K
ZerowddStudentmanager

7 matches found

CVE
CVE
added 2023/08/21 12:0 a.m.108 views

CVE-2023-39094

CVE-2023-39094 affects ZeroWdd studentmanager v1.0. The vulnerability is a cross-site scripting flaw in the student list function, exploited through the username parameter. Root cause: unsanitized input leading to script execution in the context of the victim. Documented impact: remote attackers ...

5.4CVSS5.8AI score0.00431EPSS
CVE
CVE
added 2025/04/14 8:0 p.m.80 views

CVE-2025-3587

CVE-2025-3587 affects ZeroWdd/code-projects studentmanager version 1.0. The vulnerability involves improper authorization in the /getTeacherList file, allowing a remote attacker to exploit it. Public disclosures imply exploitable conditions. CVSS base impact ratings from sources include High conf...

8.8CVSS7.4AI score0.0044EPSS
CVE
CVE
added 2025/01/05 11:31 p.m.55 views

CVE-2024-13143

CVE-2024-13143 affects ZeroWdd studentmanager 1.0. The issue is in the submitAddPermission function of PermissionController.java, where the argument url can be manipulated to trigger cross-site scripting. Attacks could be remote, and public exploits have been disclosed. Other parameters may also ...

5.4CVSS3.4AI score0.00283EPSS
CVE
CVE
added 2025/01/05 5:0 a.m.51 views

CVE-2024-13133

CVE-2024-13133 affects ZeroWdd’s studentmanager 1.0, specifically the addStudent/editStudent methods in src/main/Java/com/wdd/studentmanager/controller/StudentController.java. The root cause is manipulation of the file argument, enabling unrestricted file upload. This could be exploited remotely ...

8.8CVSS6.4AI score0.00349EPSS
CVE
CVE
added 2025/01/05 11:0 p.m.50 views

CVE-2024-13142

CVE-2024-13142 affects ZeroWdd studentmanager 1.0. The vulnerability resides in the RoleController.java file (submitAddRole function) where manipulation of the argument name enables cross-site scripting. Impact is remote exploitation with potential user-initialized content execution; no exploit v...

5.1CVSS3.4AI score0.0041EPSS
CVE
CVE
added 2025/01/05 8:0 a.m.44 views

CVE-2024-13134

ZeroWdd studentmanager 1.0 is affected by a vulnerability in the addTeacher/editTeacher function of src/main/Java/com/wdd/studentmanager/controller/TeacherController.java. Manipulating the file argument enables unrestricted uploads, enabling remote exploitation. Public exploits have been disclose...

8.8CVSS7AI score0.00363EPSS
CVE
CVE
added 2026/02/09 1:2 a.m.20 views

CVE-2026-2201

CVE-2026-2201 affects ZeroWdd studentmanager. The flaw is in LeaveController.addLeave where manipulating the Reason for Leave parameter triggers cross-site scripting. Attack may be remote; exploit disclosed publicly. No specific affected version information is provided; project has not been activ...

5.4CVSS3.4AI score0.00213EPSS