VYPR

IDWeb

by IDAttend

CVEs (30)

  • CVE-2023-26577HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.00

    Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.

  • CVE-2023-26576HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

  • CVE-2023-26575HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.

  • CVE-2023-26574HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

  • CVE-2023-26571HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.

  • CVE-2023-26570HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.

  • CVE-2023-1356HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.00

    Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.

  • CVE-2023-27256MedOct 25, 2023
    risk 0.38cvss 5.8epss 0.01

    Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.

  • CVE-2023-27261MedOct 25, 2023
    risk 0.34cvss 5.3epss 0.01

    Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.

  • CVE-2023-26579MedOct 25, 2023
    risk 0.34cvss 5.3epss 0.01

    Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.

Page 2 of 2