Clickedu
by Sanoma
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40650 | Hig | 0.57 | — | 0.00 | May 26, 2025 | Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards. | ||
| CVE-2026-5010 | Med | 0.33 | — | 0.00 | Mar 27, 2026 | A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be… | ||
| CVE-2025-41070 | Med | 0.31 | — | 0.00 | Dec 1, 2025 | Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetes_varies.php'. This vulnerability can be exploited to steal… |
- risk 0.57cvss —epss 0.00
Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.
- risk 0.33cvss —epss 0.00
A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL using the endpoint “/user.php/”. This vulnerability can be…
- risk 0.31cvss —epss 0.00
Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetes_varies.php'. This vulnerability can be exploited to steal…