Vulnerabilities > Idattend > Idweb > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-1356 Cross-site Scripting vulnerability in Idattend Idweb
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.
network
low complexity
idattend CWE-79
6.1
2023-10-25 CVE-2023-26577 Cross-site Scripting vulnerability in Idattend Idweb
Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.
network
low complexity
idattend CWE-79
5.4
2023-10-25 CVE-2023-26579 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.
network
low complexity
idattend CWE-306
5.3
2023-10-25 CVE-2023-27256 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
network
low complexity
idattend CWE-306
5.3
2023-10-25 CVE-2023-27261 Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
network
low complexity
idattend CWE-306
6.5