CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-28924

An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.5%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://suumcuique.org/blog/posts/information-disclosure-vulnerability-universis
https://suumcuique.org/blog/posts/information-disclosure-vulnerability-universis

Products affected by CVE-2022-28924

Universis » Universis-Students » Version: Any

cpe:2.3:a:universis:universis-students:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-28924

Products

Pricing

Contact Us