VYPR
Vendor

Pearson

Products
4
CVEs
5
Across products
5
Status
Private

Products

4

Recent CVEs

5
  • CVE-2014-1454MedJan 8, 2020
    risk 0.31cvss 4.8epss 0.01

    Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input

  • CVE-2007-1044Feb 21, 2007
    risk 0.04cvss epss 0.09

    Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2.

  • CVE-2015-0972Jun 23, 2015
    risk 0.00cvss epss 0.01

    Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password.

  • CVE-2014-1455Apr 10, 2014
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password.

  • CVE-2014-1942Apr 2, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.