Vulnerabilities > Os4Ed > Opensis > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-38881 Cross-site Scripting vulnerability in Os4Ed Opensis 9.0
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'.
network
low complexity
os4ed CWE-79
6.1
2023-11-20 CVE-2023-38882 Cross-site Scripting vulnerability in Os4Ed Opensis 9.0
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'
network
low complexity
os4ed CWE-79
6.1
2023-11-20 CVE-2023-38883 Cross-site Scripting vulnerability in Os4Ed Opensis 9.0
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.
network
low complexity
os4ed CWE-79
6.1
2023-02-13 CVE-2022-45962 SQL Injection vulnerability in Os4Ed Opensis 7.3/7.6/8.0
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
network
low complexity
os4ed CWE-89
6.5
2022-04-11 CVE-2022-27041 SQL Injection vulnerability in Os4Ed Opensis 8.0
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
network
low complexity
os4ed CWE-89
5.0
2022-03-03 CVE-2021-40637 Cross-site Scripting vulnerability in Os4Ed Opensis 8.0
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php.
network
os4ed CWE-79
4.3
2022-03-03 CVE-2021-40635 SQL Injection vulnerability in Os4Ed Opensis 8.0
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php.
network
low complexity
os4ed CWE-89
5.0
2022-03-03 CVE-2021-40636 SQL Injection vulnerability in Os4Ed Opensis 8.0
OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database.
network
low complexity
os4ed CWE-89
5.0
2021-11-30 CVE-2021-41678 SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network
os4ed CWE-89
6.8
2021-11-30 CVE-2021-41679 SQL Injection vulnerability in Os4Ed Opensis 8.0
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database.
network
os4ed CWE-89
6.8