Jenzabar
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8434 | Cri | 0.64 | 9.8 | 0.01 | May 19, 2020 | Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a… | ||
| CVE-2019-10011 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2019 | ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | ||
| CVE-2019-10012 | Hig | 0.49 | 7.5 | 0.02 | Mar 25, 2019 | Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder… | ||
| CVE-2021-26723 | Med | 0.41 | 6.1 | 0.11 | Feb 6, 2021 | Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | ||
| CVE-2018-16778 | Med | 0.40 | 6.1 | 0.01 | Dec 21, 2018 | Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). |
- risk 0.64cvss 9.8epss 0.01
Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a…
- risk 0.64cvss 9.8epss 0.02
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.
- risk 0.49cvss 7.5epss 0.02
Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder…
- risk 0.41cvss 6.1epss 0.11
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).