Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor School Club Application System Project Subscribe
Filtered by product School Club Application System
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29359 1 School Club Application System Project 1 School Club Application System 2022-06-06 4.3 MEDIUM 6.1 MEDIUM
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
CVE-2022-1287 1 School Club Application System Project 1 School Club Application System 2022-04-15 7.5 HIGH 9.8 CRITICAL
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.
CVE-2022-1288 1 School Club Application System Project 1 School Club Application System 2022-04-15 4.3 MEDIUM 6.1 MEDIUM
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.