Vulnerabilities > Jenzabar

Date: 2021-02-06
CVE: CVE-2021-26723
Vulnerability title: Cross-site Scripting vulnerability in Jenzabar 9.2.0/9.2.1/9.2.2
Description: Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
Attributes: network, low complexity, jenzabar, CWE-79
Risk: 6.1

Date: 2020-05-19
CVE: CVE-2020-8434
Vulnerability title: Session Fixation vulnerability in Jenzabar Internet Campus Solution
Description: Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username.
Attributes: network, low complexity, jenzabar, CWE-384
Risk: critical, 9.8

Date: 2019-03-25
CVE: CVE-2019-10012
Vulnerability title: Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Description: Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer.
Attributes: network, high complexity, jenzabar, tiny, CWE-434
Risk: 7.5

Date: 2019-03-25
CVE: CVE-2019-10011
Vulnerability title: Use of Hard-coded Credentials vulnerability in Jenzabar Internet Campus Solution
Description: ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.
Attributes: network, low complexity, jenzabar, CWE-798
Risk: critical, 9.8

Date: 2018-12-21
CVE: CVE-2018-16778
Vulnerability title: Cross-site Scripting vulnerability in Jenzabar 8.2.1/9.2.0
Description: Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).
Attributes: network, low complexity, jenzabar, CWE-79
Risk: 6.1