
CVE-2025-2042 – huang-yk student-manage cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-2042
06 Mar 2025 — A vulnerability has been found in huang-yk student-manage 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Jingyi-u/student-manage/tree/main • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVE-2024-13902 – huang-yk student-manage Edit a Student Information Page cross site scripting
https://notcve.org/view.php?id=CVE-2024-13902
06 Mar 2025 — A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/huang-yk/student-manage/issues/I9UXC4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')