Idattend Pty Ltd Idweb vulnerabilities
30 known vulnerabilities affecting idattend_pty_ltd/idweb.
Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 13, MEDIUM 5
Vulnerabilities
Page 2 of 2
CVE-2023-27375 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-26574 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-26576 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-27377 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
nvd
CVE-2023-27259 | P3 | HIGH | CVSS 7.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.
nvd
CVE-2023-27261 | P3 | MEDIUM | CVSS 6.5 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.
nvd
CVE-2023-27256 | P4 | MEDIUM | CVSS 5.3 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.
nvd
CVE-2023-26579 | P4 | MEDIUM | CVSS 5.3 | CWE-306 | ≤ 3.1.052 | 2023-10-25
Missing authentication in the DeleteStaff method in IDAttend’s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.
nvd
CVE-2023-1356 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 3.1.052 | 2023-10-25
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced that user to click on a malicious link.
nvd
CVE-2023-26577 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 3.1.052 | 2023-10-25
Stored cross-site scripting in IDAttend’s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged-in user.
nvd