CVE-2021-30111
- EPSS 0.24%
- Veröffentlicht 08.04.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:19
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be exec...
CVE-2021-30112
- EPSS 0.14%
- Veröffentlicht 08.04.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:19
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF...
CVE-2021-30113
- EPSS 0.25%
- Veröffentlicht 08.04.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:19
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed...
CVE-2021-30114
- EPSS 0.14%
- Veröffentlicht 08.04.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 06:03:19
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST re...