IDWeb
by IDAttend
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-1356 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. |
| CVE-2023-27260 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. |
| CVE-2023-27261 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. |
| CVE-2023-27377 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. |
| CVE-2023-27376 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. |
| CVE-2023-27375 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. |
| CVE-2023-27259 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. |
| CVE-2023-27258 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. |
| CVE-2023-27257 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. |
| CVE-2023-27256 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. |
| CVE-2023-26577 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Stored cross-site scripting in IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged-in user. |
| CVE-2023-26576 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. |
| CVE-2023-26575 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. |
| CVE-2023-26574 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. |
| CVE-2023-26573 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. |
| CVE-2023-26571 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. |
| CVE-2023-26570 | | | 0.00 | — | 0.00 | | Oct 25, 2023 | Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. |