Security Vulnerabilities
A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-01
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-01-01
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
CVSS Score
5.6
EPSS Score
0.001
Published
2025-12-31
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
CVSS Score
5.6
EPSS Score
0.001
Published
2025-12-31
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-12-31