← Back

Web School

web-school

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Enterprise Resource Planning
enterprise_resource_planning
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-30114
1Web School
1Enterprise Resource Planning
Jun 17, 2026
Apr 8, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validat...Show more
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege.Show less
CVE-2021-30113
1Web School
1Enterprise Resource Planning
Jun 17, 2026
Apr 8, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, the...Show more
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.Show less
CVE-2021-30112
1Web School
1Enterprise Resource Planning
Jun 17, 2026
Apr 8, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The applicat...Show more
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.Show less
CVE-2021-30111
1Web School
1Enterprise Resource Planning
Jun 17, 2026
Apr 8, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events,...Show more
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.Show less