Vulnerabilities > Os4Ed

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-12-04 | CVE-2020-27409 | Cross-Site Scripting vulnerability in Os4Ed Opensis 7.3 | OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. | network, os4ed CWE-79, 4.3 |
| 2020-12-04 | CVE-2020-27408 | Inadequate Encryption Strength vulnerability in Os4Ed Opensis 7.3/7.6 | OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. | network, low complexity, os4ed CWE-326, 5.0 |
| 2020-09-01 | CVE-2020-6144 | Code Injection vulnerability in Os4Ed Opensis 7.4 | A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. | network, low complexity, os4ed CWE-94, 7.5 |
| 2020-09-01 | CVE-2020-6143 | Code Injection vulnerability in Os4Ed Opensis 7.4 | A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. | network, low complexity, os4ed CWE-94, 7.5 |
| 2020-09-01 | CVE-2020-6142 | Path Traversal vulnerability in Os4Ed Opensis 7.3 | A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. | network, low complexity, os4ed CWE-22, 7.5 |
| 2020-09-01 | CVE-2020-6140 | SQL Injection vulnerability in Os4Ed Opensis 7.3 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. | network, low complexity, os4ed CWE-89, 7.5 |
| 2020-09-01 | CVE-2020-6139 | SQL Injection vulnerability in Os4Ed Opensis 7.3 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. | network, low complexity, os4ed CWE-89, 7.5 |
| 2020-09-01 | CVE-2020-6138 | SQL Injection vulnerability in Os4Ed Opensis 7.3 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. | network, low complexity, os4ed CWE-89, 7.5 |
| 2020-09-01 | CVE-2020-6137 | SQL Injection vulnerability in Os4Ed Opensis 7.3 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. | network, low complexity, os4ed CWE-89, 7.5 |
| 2020-09-01 | CVE-2020-6141 | SQL Injection vulnerability in Os4Ed Opensis 7.3 | An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. | network, low complexity, os4ed CWE-89, 7.5 |