Vulnerabilities > Idattend > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-1356 | Cross-site Scripting vulnerability in Idattend Idweb Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. | 6.1 |
| 2023-10-25 | CVE-2023-26577 | Cross-site Scripting vulnerability in Idattend Idweb Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | 5.4 |
| 2023-10-25 | CVE-2023-26579 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013 Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | 5.3 |
| 2023-10-25 | CVE-2023-27256 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | 5.3 |
| 2023-10-25 | CVE-2023-27261 | Missing Authentication for Critical Function vulnerability in Idattend Idweb 3.1.013/3.1.052 Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 6.5 |