6 results

CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2024 — A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. • https://github.com/geraldoalcantara/CVE-2023-49986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. • https://github.com/geraldoalcantara/CVE-2023-49981 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform administrative actions, including adding and deleting user accounts. • https://github.com/geraldoalcantara/CVE-2023-49982 • CWE-863: Incorrect Authorization

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. • https://github.com/geraldoalcantara/CVE-2023-49983 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2024 — A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. • https://github.com/geraldoalcantara/CVE-2023-49984 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Feb 2024 — Cross-Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name and email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter. • https://github.com/geraldoalcantara/CVE-2023-51800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')