CVE-2021-33371
https://notcve.org/view.php?id=CVE-2021-33371
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.
• https://www.exploit-db.com/exploits/49865
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23935 – Student Management System 1.0 - SQLi Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-23935
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)". Kabir Alhasan Student Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
• https://www.exploit-db.com/exploits/50579
• http://packetstormsecurity.com/files/165215/Kabir-Alhasan-Student-Management-System-1.0-SQL-Injection.html
• https://github.com/enesozeser/Vulnerabilities/blob/master/CVE-2020-23935
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')