Security Advisory
CVE-2022-28924
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/.