IDWeb
by IDAttend
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-26577 | Hig | 0.49 | 7.5 | 0.00 | Oct 25, 2023 | Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | ||
| CVE-2023-26576 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||
| CVE-2023-26575 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | ||
| CVE-2023-26574 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||
| CVE-2023-26571 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | ||
| CVE-2023-26570 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | ||
| CVE-2023-1356 | Hig | 0.49 | 7.5 | 0.00 | Oct 25, 2023 | Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. | ||
| CVE-2023-27256 | Med | 0.38 | 5.8 | 0.01 | Oct 25, 2023 | Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | ||
| CVE-2023-27261 | Med | 0.34 | 5.3 | 0.01 | Oct 25, 2023 | Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | ||
| CVE-2023-26579 | Med | 0.34 | 5.3 | 0.01 | Oct 25, 2023 | Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. |
- risk 0.49cvss 7.5epss 0.00
Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.
- risk 0.49cvss 7.5epss 0.01
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
- risk 0.49cvss 7.5epss 0.01
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.
- risk 0.49cvss 7.5epss 0.01
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
- risk 0.49cvss 7.5epss 0.01
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.
- risk 0.49cvss 7.5epss 0.01
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.
- risk 0.49cvss 7.5epss 0.00
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.
- risk 0.38cvss 5.8epss 0.01
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
- risk 0.34cvss 5.3epss 0.01
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
- risk 0.34cvss 5.3epss 0.01
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.
Page 2 of 2