CVE-2022-34594
https://notcve.org/view.php?id=CVE-2022-34594
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field.
• https://github.com/gitgeniuss/bug_report/blob/master/vendors/itsourcecode.com/advanced-school-management-system/XSS-1.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34586
https://notcve.org/view.php?id=CVE-2022-34586
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php.
• https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/advanced-school-management-system/sql_injection.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-34588
https://notcve.org/view.php?id=CVE-2022-34588
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php.
• https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/advanced-school-management-system/sql_injection3.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-46824
https://notcve.org/view.php?id=CVE-2021-46824
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
• https://packetstormsecurity.com/files/161394/School-File-Management-System-1.0-Cross-Site-Scripting.html
• https://www.exploit-db.com/exploits/49559
• https://www.sourcecodester.com/php/14155/school-file-management-system.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29055
https://notcve.org/view.php?id=CVE-2021-29055
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.
• https://packetstormsecurity.com/files/161394/School-File-Management-System-1.0-Cross-Site-Scripting.html
• https://www.sourcecodester.com/php/14155/school-file-management-system.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')