| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2021-02-06 | CVE-2021-26723 | Cross-site Scripting vulnerability in Jenzabar 9.2.0/9.2.1/9.2.2 | Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | jenzabar, CWE-79 | network; 4.3 |
| 2020-05-19 | CVE-2020-8434 | Session Fixation vulnerability in Jenzabar Internet Campus Solution | Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. | jenzabar, CWE-384 | network; low complexity; critical; 9.8 |
| 2019-03-25 | CVE-2019-10012 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products | Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer. | jenzabar, tiny, CWE-434 | network; high complexity; 7.5 |
| 2019-03-25 | CVE-2019-10011 | Use of Hard-coded Credentials vulnerability in Jenzabar Internet Campus Solution | ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | jenzabar, CWE-798 | network; low complexity; critical; 9.8 |
| 2018-12-21 | CVE-2018-16778 | Cross-site Scripting vulnerability in Jenzabar 8.2.1/9.2.0 | Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). | jenzabar, CWE-79 | network; 4.3 |