Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System
CVE-2024-50838

Currently unrated

Key Information:

Vendor

KASHIPARA

Status
E-learning Management System
Vendor
CVE Published:
14 November 2024

What is CVE-2024-50838?

A Stored Cross-Site Scripting vulnerability exists in the KASHIPARA E-learning Management System's /admin/department.php file. This flaw enables remote attackers to inject and execute arbitrary JavaScript or HTML code through the manipulation of the 'd' and 'pi' parameters, potentially compromising user sessions or exposing sensitive information.

References

https://github.com/m14r41/Writeups/blob/main/CVE/Kashipar...

Timeline

  • Vulnerability published

.
CVE-2024-50838 : Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System