Vulnerabilities > Os4Ed > Opensis > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-20 | CVE-2023-38881 | Cross-site Scripting vulnerability in Os4Ed Opensis 9.0 A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'. | 6.1 |
2023-11-20 | CVE-2023-38882 | Cross-site Scripting vulnerability in Os4Ed Opensis 9.0 A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php' | 6.1 |
2023-11-20 | CVE-2023-38883 | Cross-site Scripting vulnerability in Os4Ed Opensis 9.0 A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'. | 6.1 |
2023-02-13 | CVE-2022-45962 | SQL Injection vulnerability in Os4Ed Opensis 7.3/7.6/8.0 Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php. | 6.5 |
2022-04-11 | CVE-2022-27041 | SQL Injection vulnerability in Os4Ed Opensis 8.0 Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. | 5.0 |
2022-03-03 | CVE-2021-40637 | Cross-site Scripting vulnerability in Os4Ed Opensis 8.0 OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. | 4.3 |
2022-03-03 | CVE-2021-40635 | SQL Injection vulnerability in Os4Ed Opensis 8.0 OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. | 5.0 |
2022-03-03 | CVE-2021-40636 | SQL Injection vulnerability in Os4Ed Opensis 8.0 OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | 5.0 |
2021-11-30 | CVE-2021-41678 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 6.8 |
2021-11-30 | CVE-2021-41679 | SQL Injection vulnerability in Os4Ed Opensis 8.0 A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. | 6.8 |