DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-1356 Cross-site Scripting vulnerability in Idattend Idweb
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced that user to click on a malicious link.
network
low complexity
idattend CWE-79
6.1
2023-10-25 CVE-2023-26568 SQL Injection vulnerability in Idattend Idweb
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
9.1
2023-10-25 CVE-2023-26569 SQL Injection vulnerability in Idattend Idweb
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
9.1
2023-10-25 CVE-2023-26570 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-26571 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-26572 SQL Injection vulnerability in Idattend Idweb
Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
network
low complexity
idattend CWE-89
critical
9.1
2023-10-25 CVE-2023-26573 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.
network
low complexity
idattend CWE-306
critical
9.1
2023-10-25 CVE-2023-26574 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-26575 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5
2023-10-25 CVE-2023-26576 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
network
low complexity
idattend CWE-306
7.5