
CVE-2023-36136
https://notcve.org/view.php?id=CVE-2023-36136
08 Aug 2023 — PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. • https://medium.com/%40blakehodder/additional-vulnerabilities-in-php-jabbers-scripts-c6bbd89b24bb • CWE-312: Cleartext Storage of Sensitive Information

CVE-2023-36134
https://notcve.org/view.php?id=CVE-2023-36134
03 Aug 2023 — In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-345: Insufficient Verification of Data Authenticity

CVE-2023-36135
https://notcve.org/view.php?id=CVE-2023-36135
03 Aug 2023 — User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4

CVE-2023-36137
https://notcve.org/view.php?id=CVE-2023-36137
03 Aug 2023 — There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. • https://medium.com/%40bcksec/multiple-vulnerabilities-in-php-jabbers-scripts-25af4afcadd4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2826 – SourceCodester Class Scheduling System POST Parameter search_teacher_result.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-2826
21 May 2023 — A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/joicygiore/ApplyForCVE/blob/main/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-2823 – SourceCodester Class Scheduling System GET Parameter edit_subject.php sql injection
https://notcve.org/view.php?id=CVE-2023-2823
20 May 2023 — A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. • https://github.com/zhulielie/CVEReport/blob/main/SQL.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-2814 – SourceCodester Class Scheduling System POST Parameter save_teacher.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-2814
19 May 2023 — A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jiy2020/bugReport/blob/main/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')