RSS   Podatności dla 'Xinhe teaching platform system'   RSS

2021-10-15
 
CVE-2021-42329

CWE-79
 

 
The �??List_Add�?� function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user�??s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.

 
 
CVE-2021-42330

CWE-285
 

 
The �??Teacher Edit�?� function of ShinHer StudyOnline System does not perform authority control. After logging in with user�??s privilege, remote attackers can access and edit other users�?? credential and personal information by crafting URL parameters.

 
 
CVE-2021-42331

CWE-285
 

 
The �??Study Edit�?� function of ShinHer StudyOnline System does not perform permission control. After logging in with user�??s privilege, remote attackers can access and edit other users�?? tutorial schedule by crafting URL parameters.

 
 
CVE-2021-42332

CWE-285
 

 
The �??List View�?� function of ShinHer StudyOnline System is not under authority control. After logging in with user�??s privilege, remote attackers can access the content of other users�?? message boards by crafting URL parameters.

 


Copyright 2024, cxsecurity.com

 

Back to Top