Filtered by vendor School Club Application System Project
Subscriptions
Filtered by product School Club Application System
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29359 | 1 School Club Application System Project | 1 School Club Application System | 2024-11-21 | 6.1 Medium |
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | ||||
CVE-2022-1288 | 1 School Club Application System Project | 1 School Club Application System | 2024-11-21 | 4.3 Medium |
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used. | ||||
CVE-2022-1287 | 1 School Club Application System Project | 1 School Club Application System | 2024-11-21 | 6.5 Medium |
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used. |
Page 1 of 1.