Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Os4ed Subscribe
Filtered by product Opensis

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-38883 1 Os4ed 1 Opensis 2023-11-30 N/A 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'.
CVE-2023-38882 1 Os4ed 1 Opensis 2023-11-30 N/A 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'
CVE-2023-38881 1 Os4ed 1 Opensis 2023-11-30 N/A 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or 'year' parameters in 'CalendarModal.php'.
CVE-2021-40542 1 Os4ed 1 Opensis 2021-10-18 4.3 MEDIUM 6.1 MEDIUM
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
CVE-2021-40651 1 Os4ed 1 Opensis 2021-10-07 4.0 MEDIUM 6.5 MEDIUM
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
CVE-2021-40310 1 Os4ed 1 Opensis 2021-09-30 3.5 LOW 5.4 MEDIUM
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
CVE-2021-27340 1 Os4ed 1 Opensis 2021-09-27 4.3 MEDIUM 6.1 MEDIUM
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.
CVE-2020-27409 1 Os4ed 1 Opensis 2020-12-07 4.3 MEDIUM 6.1 MEDIUM
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.