VYPR

Jenzabar

by Jenzabar

CVEs (5)

  • CVE-2020-8434CriMay 19, 2020
    risk 0.64cvss 9.8epss 0.01

    Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a…

  • CVE-2019-10011CriMar 25, 2019
    risk 0.64cvss 9.8epss 0.02

    ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.

  • CVE-2019-10012HigMar 25, 2019
    risk 0.49cvss 7.5epss 0.02

    Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder…

  • CVE-2021-26723MedFeb 6, 2021
    risk 0.41cvss 6.1epss 0.11

    Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.

  • CVE-2018-16778MedDec 21, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).