
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Feb 2023 — A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. • https://github.com/OpenXP-Research/CVE-2022-47132 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Feb 2023 — A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. • https://github.com/OpenXP-Research/CVE-2022-47131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

03 Feb 2023 — A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts with the CSRF page. • https://github.com/OpenXP-Research/CVE-2022-47130 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

26 Sep 2022 — Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. • https://github.com/4websecurity/CVE-2022-38553 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

25 May 2022 — Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. • https://github.com/OpenXP-Research/CVE-2022-29380 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Nov 2020 — Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings). • https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22273.pdf • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

17 Oct 2018 — In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scriptin... • https://packetstorm.news/files/id/149842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')