2024-11-18
Platform: KASHIPARA E-learning Management System Project
Version: 1.0
Vulnerability: Stored Cross-Site Scripting (XSS)
Severity: Medium
Date: November 14, 2024
A vulnerability exists in KASHIPARA E-learning Management System Project 1.0 that allows remote attackers to inject malicious scripts into the system through the “firstname” and “lastname” parameters in the “/admin/teachers.php” file. This could allow attackers to steal user data, redirect users to malicious websites, or perform other actions on the system.
What Undercode Says:
This vulnerability is rated as medium severity, so
Users of KASHIPARA E-learning Management System Project 1.0 should update to a patched version as soon as it is available.
In the meantime, administrators should be careful about the data they allow to be entered into the “firstname” and “lastname” fields.
Note: This information is for informational purposes only and should not be considered a substitute for professional security advice.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help