Mindskip

Xzs-mysql

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-1084

Exploit
  • EPSS 0.14%
  • Veröffentlicht 07.02.2025 00:15:28
  • Zuletzt bearbeitet 10.10.2025 20:49:20

A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotel...

5.4

CVE-2025-1082

Exploit
  • EPSS 0.11%
  • Veröffentlicht 06.02.2025 23:15:08
  • Zuletzt bearbeitet 15.10.2025 16:24:06

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content le...

6.8

CVE-2025-1083

Exploit
  • EPSS 0.11%
  • Veröffentlicht 06.02.2025 23:15:08
  • Zuletzt bearbeitet 10.10.2025 20:58:22

A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrust...

9.8

CVE-2024-29401

Exploit
  • EPSS 0.19%
  • Veröffentlicht 26.03.2024 15:15:49
  • Zuletzt bearbeitet 19.09.2025 14:25:21

xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.

7.5

CVE-2021-46086

Exploit
  • EPSS 0.15%
  • Veröffentlicht 25.01.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:33:37

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use burpu...