Vulnerabilities (CVE)

Filtered by vendor Arox Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-32118	1 Arox	1 School Erp Pro	2022-07-22	N/A	6.1 MEDIUM
Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.
CVE-2020-8505	1 Arox	1 School Management Software Php\/mysql	2020-02-05	4.3 MEDIUM	6.5 MEDIUM
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
CVE-2020-8504	1 Arox	1 School Management Software Php\/mysql	2020-02-05	4.3 MEDIUM	6.5 MEDIUM
School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user.