Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System
CVE-2024-50841

Currently unrated

Key Information:

Vendor

KASHIPARA

Status
E-learning Management System
Vendor
CVE Published:
14 November 2024

What is CVE-2024-50841?

A Stored Cross-Site Scripting (XSS) vulnerability exists in the KASHIPARA E-learning Management System within the /admin/calendar_of_events.php file. This flaw allows remote attackers to inject and execute arbitrary scripts by manipulating the parameters date_start, date_end, and title. Exploitation of this vulnerability can lead to unauthorized actions performed on behalf of users, potentially compromising user data and overall application integrity.

References

https://github.com/m14r41/Writeups/blob/main/CVE/Kashipar...

Timeline

  • Vulnerability published

.
CVE-2024-50841 : Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System