18 results (0.004 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. Se ha detectado que Advanced School Management System versión v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro address en el archivo ip/school/index.php • https://github.com/wencongzhao/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. Se ha detectado que Advanced School Management System versión 1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente ip/school/moudel/update_subject.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el campo de texto Edit Subject • https://github.com/gitgeniuss/bug_report/blob/master/vendors/itsourcecode.com/advanced-school-management-system/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php. itsourcecode Advanced School Management System versión v1.0, es vulnerable a una inyección SQL por medio del parámetro grade en el archivo /school/view/student_grade_wise.php • https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/advanced-school-management-system/sql_injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php. itsourcecode Advanced School Management System versión v1.0, es vulnerable a una inyección SQL por medio del parámetro grade en el archivo /school/view/timetable_insert_form.php • https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/advanced-school-management-system/sql_injection3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. itsourcecode Advanced School Management System versión v1.0, es vulnerable a una inyección SQL por medio del archivo /school/model/get_classroom.php?id= • https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •