Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System
CVE-2024-50840
Currently unrated
What is CVE-2024-50840?
A Stored Cross-Site Scripting (XSS) vulnerability exists in the KASHIPARA E-learning Management System version 1.0. This security issue arises from inadequate input validation in the /admin/class.php file, specifically in the handling of the class_name parameter. Remote attackers can exploit this vulnerability to inject and execute arbitrary scripts in the context of the user’s session, potentially leading to unauthorized actions and data exposure.