Enterprise Resource Planning

enterprise_resource_planning

Vendor: Web School • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-30114 1Web School 1Enterprise Resource Planning Jun 17, 2026 Apr 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validat...Show more Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.Show less
CVE-2021-30113 1Web School 1Enterprise Resource Planning Jun 17, 2026 Apr 8, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, the...Show more A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.Show less
CVE-2021-30112 1Web School 1Enterprise Resource Planning Jun 17, 2026 Apr 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The applicat...Show more Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.Show less
CVE-2021-30111 1Web School 1Enterprise Resource Planning Jun 17, 2026 Apr 8, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events,...Show more A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.Show less