Filtered by vendor Idattend
Subscribe
Total
30 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27376 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26577 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 5.4 MEDIUM |
Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | |||||
CVE-2023-27262 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-26571 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 7.5 HIGH |
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | |||||
CVE-2023-26570 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 7.5 HIGH |
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26574 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 7.5 HIGH |
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
CVE-2023-26581 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-27261 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 6.5 MEDIUM |
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | |||||
CVE-2023-26583 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
CVE-2023-26584 | 1 Idattend | 1 Idweb | 2023-12-10 | N/A | 9.1 CRITICAL |
Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |