Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System
CVE-2024-50842

Currently unrated

Key Information:

Vendor

KASHIPARA

Status
E-learning Management System
Vendor
CVE Published:
14 November 2024

What is CVE-2024-50842?

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the KASHIPARA E-learning Management System version 1.0. This issue exists in the /admin/school_year.php file, where improper validation of user input allows remote attackers to inject malicious scripts through the 'school_year' parameter. Successful exploitation can lead to unauthorized actions on behalf of users, facilitating data theft, session hijacking, or the distribution of malware.

References

https://github.com/m14r41/Writeups/blob/main/CVE/Kashipar...

Timeline

  • Vulnerability published

.
CVE-2024-50842 : Stored Cross-Site Scripting Vulnerability in KASHIPARA E-learning Management System