Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opensis vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-40617
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
Os4ed Opensis 8.0
1 Github repository
9.8
CVSSv3
CVE-2021-40618
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
Os4ed Opensis 8.0
1 Github repository
7.5
CVSSv3
CVE-2021-40635
OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database.
Os4ed Opensis 8.0
9.8
CVSSv3
CVE-2020-6637
openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
Os4ed Opensis 7.3
6.1
CVSSv3
CVE-2021-40637
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user.
Os4ed Opensis 8.0
7.5
CVSSv3
CVE-2023-38879
The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'.
Os4ed Opensis 9.0
9.8
CVSSv3
CVE-2023-38880
The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisB...
Os4ed Opensis 9.0
6.1
CVSSv3
CVE-2023-38881
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id...
Os4ed Opensis 9.0
6.1
CVSSv3
CVE-2023-38882
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' para...
Os4ed Opensis 9.0
6.1
CVSSv3
CVE-2023-38883
A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' paramet...
Os4ed Opensis 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »