VYPR
Vendor

Institute Of Current Students

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-52410CriNov 20, 2025
    risk 0.64cvss 9.8epss 0.00

    Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used in SQL queries.

  • CVE-2025-50870CriAug 1, 2025
    risk 0.64cvss 9.8epss 0.00

    Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address as input and directly returns the corresponding student's personal information without validating the identity or…

  • CVE-2025-50869MedAug 1, 2025
    risk 0.40cvss 6.1epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code.

  • CVE-2025-51411MedJul 25, 2025
    risk 0.40cvss 6.1epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows…