Filtered by vendor School Club Application System Project Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-29359 1 School Club Application System Project 1 School Club Application System 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
CVE-2022-1288 1 School Club Application System Project 1 School Club Application System 2024-11-21 4.3 Medium
A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.
CVE-2022-1287 1 School Club Application System Project 1 School Club Application System 2024-11-21 6.5 Medium
A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.