Vulnerabilities (CVE)

Filtered by vendor Web-school Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30114 1 Web-school 1 Enterprise Resource Planning 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.
CVE-2021-30113 1 Web-school 1 Enterprise Resource Planning 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.
CVE-2021-30112 1 Web-school 1 Enterprise Resource Planning 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.
CVE-2021-30111 1 Web-school 1 Enterprise Resource Planning 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.