NotCVE - vendor:"Jayesh"

2 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-40478

https://notcve.org/view.php?id=CVE-2024-40478

09 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Stored%20XSS.pdf •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-40480

https://notcve.org/view.php?id=CVE-2024-40480

09 Aug 2024 — A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Broken%20Access%20Control%20-%20Admin%20Dashboard%20and%20User%20Deletion.pdf • CWE-284: Improper Access Control •