Vulnerabilities > Arox > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-15 CVE-2022-32118 Cross-site Scripting vulnerability in Arox School ERP PRO 1.0
Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.
network
low complexity
arox CWE-79
6.1
6.1
2020-01-31 CVE-2020-8505 Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
network
low complexity
arox CWE-352
6.5
6.5
2020-01-31 CVE-2020-8504 Cross-Site Request Forgery (CSRF) vulnerability in Arox School Management Software PHP/Mysql 20190314
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.
network
low complexity
arox CWE-352
6.5
6.5