AMSS++ project AMSS++ 4.31
Approved changes feed: RSS · Atom
cpe:2.3:a:amss\+\+_project:amss\+\+:4.31:*:*:*:*:*:*:*
part: a version: 4.31 update: *
| Vendor | Amss++ Project (4e7526e7-54fb-5afe-b344-75af0ebb71e0) |
|---|---|
| Product | Amss++ (3c81c96d-8ee9-5f77-8175-838da3cc7a27) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-2599 |
vulnerable | 2026-06-08 06:33:31.621023 |
Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++
CRITICAL (9.9)
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.
Published: 2024-03-18T14:04:15.820Z
Updated: 2024-08-12T20:43:57.207Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2598 |
vulnerable | 2026-06-08 06:33:31.620512 |
Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:02:40.296Z
Updated: 2024-08-01T19:18:48.109Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2597 |
vulnerable | 2026-06-08 06:33:31.620168 |
Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:02:17.434Z
Updated: 2025-04-10T20:24:24.645Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2596 |
vulnerable | 2026-06-08 06:33:31.619559 |
Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:01:50.741Z
Updated: 2024-08-21T17:44:38.201Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2595 |
vulnerable | 2026-06-08 06:33:31.619238 |
Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:01:29.372Z
Updated: 2024-08-01T19:18:48.206Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2594 |
vulnerable | 2026-06-08 06:33:31.618916 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2593 |
vulnerable | 2026-06-08 06:33:31.618583 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2592 |
vulnerable | 2026-06-08 06:33:31.618175 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2591 |
vulnerable | 2026-06-08 06:33:31.613692 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2590 |
vulnerable | 2026-06-08 06:33:31.613320 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2589 |
vulnerable | 2026-06-08 06:33:31.612824 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2588 |
vulnerable | 2026-06-08 06:33:31.612352 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2587 |
vulnerable | 2026-06-08 06:33:31.611982 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2586 |
vulnerable | 2026-06-08 06:33:31.611532 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2585 |
vulnerable | 2026-06-08 06:33:31.611017 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2584 |
vulnerable | 2026-06-08 06:33:31.610326 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.