Vulnerabilities > Os4Ed > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-38881 Cross-site Scripting vulnerability in Os4Ed Opensis 9.0
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'.
network
low complexity
os4ed CWE-79
6.1
6.1
2023-11-20 CVE-2023-38882 Cross-site Scripting vulnerability in Os4Ed Opensis 9.0
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'
network
low complexity
os4ed CWE-79
6.1
6.1
2023-11-20 CVE-2023-38883 Cross-site Scripting vulnerability in Os4Ed Opensis 9.0
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.
network
low complexity
os4ed CWE-79
6.1
6.1
2023-02-13 CVE-2022-45962 SQL Injection vulnerability in Os4Ed Opensis 7.3/7.6/8.0
Open Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.
network
low complexity
os4ed CWE-89
6.5
6.5
2022-03-03 CVE-2021-40637 Cross-site Scripting vulnerability in Os4Ed Opensis 8.0
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php.
network
low complexity
os4ed CWE-79
6.1
6.1
2021-10-11 CVE-2021-40542 Cross-site Scripting vulnerability in Os4Ed Opensis 8.0
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS).
network
low complexity
os4ed CWE-79
6.1
6.1
2021-09-29 CVE-2021-40651 Path Traversal vulnerability in Os4Ed Opensis 8.0
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
network
low complexity
os4ed CWE-22
6.5
6.5
2021-09-24 CVE-2021-40310 Cross-site Scripting vulnerability in Os4Ed Opensis 8.0
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
network
low complexity
os4ed CWE-79
5.4
5.4
2021-09-16 CVE-2021-27340 Cross-site Scripting vulnerability in Os4Ed Opensis 7.3/7.6
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
network
low complexity
os4ed CWE-79
6.1
6.1
2020-12-04 CVE-2020-27409 Cross-site Scripting vulnerability in Os4Ed Opensis 7.3
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
network
low complexity
os4ed CWE-79
6.1
6.1