Filtered by vendor Web-school
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-30114 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.5 Medium |
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. | ||||
CVE-2021-30113 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.1 Medium |
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website. | ||||
CVE-2021-30112 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.5 Medium |
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. | ||||
CVE-2021-30111 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 5.4 Medium |
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. |
Page 1 of 1.