CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34580
https://notcve.org/view.php?id=CVE-2022-34580
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php. Se ha detectado que Advanced School Management System versión v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro address en el archivo ip/school/index.php • https://github.com/wencongzhao/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34594
https://notcve.org/view.php?id=CVE-2022-34594
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. Se ha detectado que Advanced School Management System versión 1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente ip/school/moudel/update_subject.php. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el campo de texto Edit Subject • https://github.com/gitgeniuss/bug_report/blob/master/vendors/itsourcecode.com/advanced-school-management-system/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34586
https://notcve.org/view.php?id=CVE-2022-34586
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php. itsourcecode Advanced School Management System versión v1.0, es vulnerable a una inyección SQL por medio del parámetro grade en el archivo /school/view/student_grade_wise.php • https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/advanced-school-management-system/sql_injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34588
https://notcve.org/view.php?id=CVE-2022-34588
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php. itsourcecode Advanced School Management System versión v1.0, es vulnerable a una inyección SQL por medio del parámetro grade en el archivo /school/view/timetable_insert_form.php • https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/advanced-school-management-system/sql_injection3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32370
https://notcve.org/view.php?id=CVE-2022-32370
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. itsourcecode Advanced School Management System versión v1.0, es vulnerable a una inyección SQL por medio del archivo /school/model/get_classroom.php?id= • https://github.com/k0xx11/bug_report/blob/main/vendors/itsourcecode.com/advanced-school-management-system/SQLi-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •