Zerowdd Studentmanager

XSS in ZeroWdd StudentManager addLeave Reason Field
CVE-2026-2201 2.4 - Low - February 09, 2026

A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The code repository of the project has not been active for many years.

XSS

ZeroWdd studentmanager 1.0 Remote Improper Auth via /getTeacherList
CVE-2025-3587 8.8 - High - April 14, 2025

A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS in ZeroWdd StudentManager 1.0: submitAddPermission URL arg
CVE-2024-13143 - January 06, 2025

A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

XSS

ZeroWdd StudentManager 1.0 XSS via RoleController submitAddRole
CVE-2024-13142 4.8 - Medium - January 05, 2025

A vulnerability was found in ZeroWdd studentmanager 1.0. It has been declared as problematic. This vulnerability affects the function submitAddRole of the file src/main/java/com/zero/system/controller/RoleController. java. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely.

XSS

ZeroWdd StudentMgr 1.0 Java Unrestricted Upload via TeacherCtrl
CVE-2024-13134 - January 05, 2025

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Authorization

ZeroWdd StudentManager 1.0 Unrestricted File Upload CVE-2024-13133
CVE-2024-13133 - January 05, 2025

A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. This issue affects the function addStudent/editStudent of the file src/main/Java/com/wdd/studentmanager/controller/StudentController. java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Authorization

ZeroWdd StudentManager v1.0 XSS in username param
CVE-2023-39094 5.4 - Medium - August 21, 2023

Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function.

XSS