Approved changes feed: RSS · Atom

cpe:2.3:a:amssplus:amss++:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAmssplus (4a0be946-8ccc-507e-9930-8c97de38883c)
ProductAmss++ (3237fa7d-e5db-5eb5-b7e1-7389b20b9475)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-2599 vulnerable 2026-06-08 06:33:31.620995 Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++
CRITICAL (9.9)
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.
Published: 2024-03-18T14:04:15.820Z
Updated: 2024-08-12T20:43:57.207Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2598 vulnerable 2026-06-08 06:33:31.620483 Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:02:40.296Z
Updated: 2024-08-01T19:18:48.109Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2597 vulnerable 2026-06-08 06:33:31.620130 Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:02:17.434Z
Updated: 2025-04-10T20:24:24.645Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2596 vulnerable 2026-06-08 06:33:31.619527 Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:01:50.741Z
Updated: 2024-08-21T17:44:38.201Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2595 vulnerable 2026-06-08 06:33:31.619210 Cross-Site Scripting (XSS) in AMSS++
HIGH (7.1)
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.
Published: 2024-03-18T14:01:29.372Z
Updated: 2024-08-01T19:18:48.206Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2594 vulnerable 2026-06-08 06:33:31.618888 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2593 vulnerable 2026-06-08 06:33:31.618550 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2592 vulnerable 2026-06-08 06:33:31.618041 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2591 vulnerable 2026-06-08 06:33:31.613670 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2590 vulnerable 2026-06-08 06:33:31.613292 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2589 vulnerable 2026-06-08 06:33:31.612800 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2588 vulnerable 2026-06-08 06:33:31.612329 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2587 vulnerable 2026-06-08 06:33:31.611844 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2586 vulnerable 2026-06-08 06:33:31.611505 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2585 vulnerable 2026-06-08 06:33:31.610988 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2584 vulnerable 2026-06-08 06:33:31.609602 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-37135 vulnerable 2026-06-08 05:25:50.224307 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.