Filtered by vendor Web-school
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30114 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. | |||||
CVE-2021-30113 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website. | |||||
CVE-2021-30112 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. | |||||
CVE-2021-30111 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. |