CVE-2021-33371
https://notcve.org/view.php?id=CVE-2021-33371
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. • https://www.exploit-db.com/exploits/49865 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34550
https://notcve.org/view.php?id=CVE-2022-34550
Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter. • http://cwe.mitre.org/data/definitions/79.html • https://github.com/rawchen/sims/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45865
https://notcve.org/view.php?id=CVE-2021-45865
A File Upload vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the file upload functionality. • https://github.com/lohyt/Code-execution-via-vulnerable-file-upload-functionality-found-in-Student-Attendance-Management-Syste • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-45866
https://notcve.org/view.php?id=CVE-2021-45866
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the course field in index.php. • https://github.com/lohyt/XSS-in-Student-attendance-management • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-35270
https://notcve.org/view.php?id=CVE-2020-35270
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result. • https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code • https://www.exploit-db.com/exploits/49152 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')