Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensis vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-40617
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
Os4ed Opensis 8.0
1 Github repository
7.5
CVSSv2
CVE-2021-40618
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
Os4ed Opensis 8.0
1 Github repository
5
CVSSv2
CVE-2021-40635
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.
Os4ed Opensis 8.0
7.5
CVSSv2
CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
Os4ed Opensis 7.3
4.3
CVSSv2
CVE-2021-40637
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.
Os4ed Opensis 8.0
NA
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Os4ed Opensis 9.0
NA
CVE-2023-38880
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisB...
Os4ed Opensis 9.0
NA
CVE-2023-38881
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id...
Os4ed Opensis 9.0
NA
CVE-2023-38882
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' para...
Os4ed Opensis 9.0
NA
CVE-2023-38883
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' paramet...
Os4ed Opensis 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »