Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System

CVE-2024-50840

What is CVE-2024-50840?

A Stored Cross-Site Scripting (XSS) vulnerability exists in the KASHIPARA E-learning Management System version 1.0. This security issue arises from inadequate input validation in the /admin/class.php file, specifically in the handling of the class_name parameter. Remote attackers can exploit this vulnerability to inject and execute arbitrary scripts in the context of the user’s session, potentially leading to unauthorized actions and data exposure.

References