Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26576 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27256 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 5.3 MEDIUM |
| Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | |||||
| CVE-2023-26571 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | |||||
| CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 6.5 MEDIUM |
| Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | |||||
| CVE-2023-27377 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-26570 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27257 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | |||||
| CVE-2023-26573 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 9.1 CRITICAL |
| Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | |||||
| CVE-2023-27375 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-27258 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | |||||
| CVE-2023-27259 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | |||||
| CVE-2023-26574 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | |||||
| CVE-2023-27376 | 1 Idattend | 1 Idweb | 2024-09-25 | N/A | 7.5 HIGH |
| Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | |||||
| CVE-2023-1356 | 1 Idattend | 1 Idweb | 2023-10-31 | N/A | 6.1 MEDIUM |
| Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. | |||||
| CVE-2023-27262 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-26580 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 7.5 HIGH |
| Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | |||||
| CVE-2023-26577 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting in the IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | |||||
| CVE-2023-26572 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||
| CVE-2023-27255 | 1 Idattend | 1 Idweb | 2023-10-28 | N/A | 9.1 CRITICAL |
| Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | |||||