School Event Management System Janobe School Event Management System

  1. Vendors
  2. Janobe
  3. School Event Management System

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Janobe School Event Management System.

By the Year

In 2026 there have been 0 vulnerabilities in Janobe School Event Management System. School Event Management System did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 28 6.93

It may take a day or so for new School Event Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Janobe School Event Management System Security Vulnerabilities

XSS in School Event Management System v1.0 via 'view' param
CVE-2024-33994 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'.

XSS

School Attendance Monitoring System v1.0 XSS via StudentID parameter
CVE-2024-33982 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'.

XSS

CrossSite Scripting in School Attendance Monitor 1.0 via attendance_print.php
CVE-2024-33983 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'.

XSS

XSS in School Attendance Monitoring 1.0 via AttendanceParams /report/index.php
CVE-2024-33984 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'.

XSS

XSS in School Attendance Sys v1.0 via /course/index.php View param
CVE-2024-33985 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'.

XSS

School Attendance Monitoring 1.0 XSS via View param in /department/index.php
CVE-2024-33986 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'.

XSS

School Attendance Monitoring System XSS via URL params (1.0)
CVE-2024-33987 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'.

XSS

CVE-2024-33988 XSS via 'Attendance' param in School Monitoring v1.0
CVE-2024-33988 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'.

XSS

SchoolEventMS v1.0 XSS via eventdate/events on port/event_print.php
CVE-2024-33989 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'.

XSS

XSS in School Event Management System v1.0 via /user/index.php 'id'/'view' params
CVE-2024-33990 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'.

XSS

School Event Mgmt Sys v1.0 XSS via 'view' param in eventwinner/index.php
CVE-2024-33991 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'.

XSS

XSS in School Event Mgmt Sys v1.0 via 'view' param
CVE-2024-33992 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'.

XSS

SEMS 1.0 XSS via 'view' param /candidate/index.php
CVE-2024-33993 6.1 - Medium - August 06, 2024

Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'.

XSS

SQLi in PayPal Payment Module v1.0 via attendance_print.php
CVE-2024-33973 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter.

SQL Injection

SQLi in PayPal Payment Module v1.0 /admin/mod_reservation/controller.php
CVE-2024-33961 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter.

SQL Injection

SQL Injection in PayPal Payment Module 1.0 via /admin/mod_reservation/index.php
CVE-2024-33962 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter.

SQL Injection

SQL injection in PayPal CC Pay Plugin 1.0 via /admin/mod_room/index.php
CVE-2024-33963 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter.

SQL Injection

SQLi in PayPal Payment Module v1.0 via /admin/mod_users/index.php
CVE-2024-33964 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter.

SQL Injection

SQLi in tubigangarden 1.0 mod_accomodation Admin
CVE-2024-33965 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter.

SQL Injection

SQLi in PayPal Payment Module v1.0 via xtsearch (/admin/mod_reports/index.php)
CVE-2024-33966 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter.

SQL Injection

SQLi in PayPal Payment v1.0 via Attendance Report
CVE-2024-33967 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter.

SQL Injection

SQL Injection in PayPal Payment Module v1.0 (AttendanceMonitoring/index.php)
CVE-2024-33968 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter.

SQL Injection

SQLi in AttendanceMonitoring 1.0 (PayPal/CC/DC payment /id param)
CVE-2024-33969 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter.

SQL Injection

SQLi in PayPal CC/DD Payment v1.0 via /candidate/controller.php 'studid'
CVE-2024-33970 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter.

SQL Injection

SQLi in PayPal Payment Gateway 1.0 via /login.php before 1.0
CVE-2024-33971 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter.

SQL Injection

SQL Injection in PayPal/Credit Card Payment v1.0 via event_print.php
CVE-2024-33972 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter.

SQL Injection

PayPal Payment Module v1.0: SQLi via /report/printlogs.php
CVE-2024-33974 9.8 - Critical - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Users in '/report/printlogs.php' parameter.

SQL Injection

CVE-2024-33959: SQLi in PayPal Payment v1.0 via printreport.php
CVE-2024-33959 7.5 - High - August 06, 2024

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter.

SQL Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Janobe School Event Management System or by Janobe? Click the Watch button to subscribe.

Janobe
Vendor

Janobe School Event Management System
Product

subscribe