Filtered by vendor School Club Application System Project
Subscribe
Filtered by product School Club Application System
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29359 | 1 School Club Application System Project | 1 School Club Application System | 2022-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | |||||
CVE-2022-1287 | 1 School Club Application System Project | 1 School Club Application System | 2022-04-15 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-1288 | 1 School Club Application System Project | 1 School Club Application System | 2022-04-15 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used. |