Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System
CVE-2024-50839
Currently unrated
What is CVE-2024-50839?
A stored cross-site scripting vulnerability exists in the KASHIPARA E-learning Management System that remote attackers can exploit through input fields whose values the application stores. By manipulating the 'subject_code' and 'title' parameters of the /admin/add_subject.php endpoint, an attacker can inject arbitrary JavaScript, which then executes in victims' browsers when they access the compromised data. Mitigating this risk requires input validation on these parameters and output encoding when the stored values are rendered.
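The mitigation described above, as an added example in PHP (the application's language); this is not code from the KASHIPARA project. The helper names, the subject-code format and the length limits are assumptions chosen for illustration; only the 'subject_code' and 'title' field names come from the advisory.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not the project's own code.

/** Validate the two fields named in the advisory before they are stored. */
function validate_subject(array $post): array
{
    $code   = trim((string)($post['subject_code'] ?? ''));
    $title  = trim((string)($post['title'] ?? ''));
    $errors = [];

    // Assumed format: subject codes are short alphanumeric identifiers.
    if (preg_match('/\A[A-Za-z0-9 _-]{1,20}\z/', $code) !== 1) {
        $errors[] = 'subject_code';
    }
    // Titles are free text: valid UTF-8, 1-150 characters, no control bytes.
    // Markup characters are allowed here; they are neutralised on output.
    if (preg_match('/\A[^\x00-\x1F\x7F]{1,150}\z/u', $title) !== 1) {
        $errors[] = 'title';
    }
    return ['subject_code' => $code, 'title' => $title, 'errors' => $errors];
}

/** Encode a stored value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one stored subject; every database value passes through h(). */
function render_subject_row(array $row): string
{
    return '<tr><td>' . h($row['subject_code']) . '</td><td>'
         . h($row['title']) . "</td></tr>\n";
}

// Constructed sample submissions (not taken from the advisory).
$samples = [
    ['subject_code' => 'CS101',    'title' => 'Databases & SQL'],
    ['subject_code' => 'CS102',    'title' => '<script>alert(1)</script>'],
    ['subject_code' => 'CS<b>103', 'title' => 'Networks'],
];
foreach ($samples as $post) {
    $v = validate_subject($post);
    echo $v['errors'] ? 'rejected: ' . implode(',', $v['errors']) . "\n"
                      : render_subject_row($v);
}
```

The second sample passes validation because a title is free text, which is why encoding at render time, not input filtering alone, is the control that stops the stored value from executing.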