CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6212 – SourceCodester Simple Student Attendance System student_form.php get_student cross site scripting
https://notcve.org/view.php?id=CVE-2024-6212
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. Affected by this issue is the function get_student of the file student_form.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing https://vuldb.com/?ctiid.269276 https://vuldb.com/?id.269276 https://vuldb.com/?submit.359229 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1923 – SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection
https://notcve.org/view.php?id=CVE-2024-1923
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BSimple%20Student%20Attendance%20System%20using%20PHP%20and%20MySQL%5D%20SQLi%20on%20ajax-api.php%3Faction=delete_class.md https://vuldb.com/?ctiid.254858 https://vuldb.com/?id.254858 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1834 – SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross site scripting
https://notcve.org/view.php?id=CVE-2024-1834
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-Student-Attendance-System.md#2pageattendancexss https://vuldb.com/?ctiid.254625 https://vuldb.com/?id.254625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •