cvebase

Idattend Pty Ltd Idweb vulnerabilities

30 known vulnerabilities affecting idattend_pty_ltd/idweb.

Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 13, MEDIUM 5

Vulnerabilities

Page 2 of 2
CVE-2023-27375 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CVE-2023-27375 [HIGH] CWE-306: Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-26574 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CVE-2023-26574 [HIGH] CWE-306: Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-26576 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CVE-2023-26576 [HIGH] CWE-306: Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-27377 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CVE-2023-27377 [HIGH] CWE-306: Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-27259 | P3 | HIGH | CVSS 7.5 | ≤ 3.1.052 | 2023-10-25
CVE-2023-27259 [HIGH] CWE-306: Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
nvd
CVE-2023-27261 | P3 | MEDIUM | CVSS 6.5 | ≤ 3.1.052 | 2023-10-25
CVE-2023-27261 [MEDIUM] CWE-306: Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
nvd
CVE-2023-27256 | P4 | MEDIUM | CVSS 5.3 | ≤ 3.1.052 | 2023-10-25
CVE-2023-27256 [MEDIUM] CWE-306: Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
nvd
CVE-2023-26579 | P4 | MEDIUM | CVSS 5.3 | ≤ 3.1.052 | 2023-10-25
CVE-2023-26579 [MEDIUM] CWE-306: Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.
nvd
CVE-2023-1356 | P4 | MEDIUM | CVSS 6.1 | ≤ 3.1.052 | 2023-10-25
CVE-2023-1356 [MEDIUM] CWE-79: Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.
nvd
CVE-2023-26577 | P4 | MEDIUM | CVSS 5.4 | ≤ 3.1.052 | 2023-10-25
CVE-2023-26577 [MEDIUM] CWE-79: Stored cross-site scripting in IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged-in user.
nvd