4 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Lanxiy7th/lx_CVE_report-/issues/2 https://vuldb.com/?ctiid.266293 https://vuldb.com/?id.266293 https://vuldb.com/?submit.344447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126. • https://www.usom.gov.tr/bildirim/tr-23-0131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126. • https://www.usom.gov.tr/bildirim/tr-23-0131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter. Se ha detectado que Sims versión v1.0, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente /addNotifyServlet. Esta vulnerabilidad permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el parámetro notifyInfo • http://cwe.mitre.org/data/definitions/79.html https://github.com/rawchen/sims/issues/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •