Vulnerabilities > Os4Ed > Opensis > 8.0

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-10-11 | CVE-2021-40542 | Cross-site Scripting vulnerability in Os4Ed Opensis 8.0 | Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). | network, low complexity, os4ed, CWE-79, 6.1 |
| 2021-10-11 | CVE-2021-40543 | SQL Injection vulnerability in Os4Ed Opensis 8.0 | Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters, $_GET['usrid'] and $_GET['prof_id'], in the PasswordCheck.php file. | network, low complexity, os4ed, CWE-89, critical, 9.8 |
| 2021-09-29 | CVE-2021-40651 | Path Traversal vulnerability in Os4Ed Opensis 8.0 | OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary files from the server's filesystem as long as the application has access to the file. | network, low complexity, os4ed, CWE-22, 6.5 |
| 2021-09-24 | CVE-2021-40309 | SQL Injection vulnerability in Os4Ed Opensis 8.0 | A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. | network, low complexity, os4ed, CWE-89, 8.8 |
| 2021-09-24 | CVE-2021-40310 | Cross-site Scripting vulnerability in Os4Ed Opensis 8.0 | OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in TakeAttendance.php via the cp_id_miss_attn parameter. | network, low complexity, os4ed, CWE-79, 5.4 |
| 2021-09-01 | CVE-2021-39377 | SQL Injection vulnerability in Os4Ed Opensis 8.0 | A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. | network, low complexity, os4ed, CWE-89, critical, 9.8 |
| 2021-09-01 | CVE-2021-39378 | SQL Injection vulnerability in Os4Ed Opensis 8.0 | A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. | network, low complexity, os4ed, CWE-89, critical, 9.8 |
| 2021-09-01 | CVE-2021-39379 | SQL Injection vulnerability in Os4Ed Opensis 8.0 | A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. | network, low complexity, os4ed, CWE-89, critical, 9.8 |
| 2021-09-01 | CVE-2021-40353 | SQL Injection vulnerability in Os4Ed Opensis 8.0 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | network, low complexity, os4ed, CWE-89, critical, 9.8 |