Attendance Management System
Monthly
Cross-site scripting in Akpali9 Attendance-Management-System allows a remote, low-privileged attacker to inject malicious JavaScript via the export_date parameter in absent.php, executing in the browser context of any victim user who interacts with attacker-crafted content. All versions up to commit 70b91fe38f4195b701a45f0edcd4f42d5f64aeee are affected; the project's rolling release model means no discrete patched version exists, and the vendor did not respond to disclosure. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis.
Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting in Akpali9 Attendance-Management-System allows a remote, low-privileged attacker to inject malicious JavaScript via the export_date parameter in absent.php, executing in the browser context of any victim user who interacts with attacker-crafted content. All versions up to commit 70b91fe38f4195b701a45f0edcd4f42d5f64aeee are affected; the project's rolling release model means no discrete patched version exists, and the vendor did not respond to disclosure. No public exploit code has been identified and the vulnerability is not listed in CISA KEV at time of analysis.
Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.