CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50837
https://notcve.org/view.php?id=CVE-2024-50837
14 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters in a POST HTTP request. A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname ... • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20admin%20user.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50838
https://notcve.org/view.php?id=CVE-2024-50838
14 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters in a POST HTTP request. A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Department.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50839
https://notcve.org/view.php?id=CVE-2024-50839
14 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/add_subject.php page in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters in a POST HTTP request. A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the sub... • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Subject.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50840
https://notcve.org/view.php?id=CVE-2024-50840
14 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter in a POST HTTP request. A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter. • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Class.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50841
https://notcve.org/view.php?id=CVE-2024-50841
14 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/calendar_of_events.php in KASHIPARA E-learning Management System pProject 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters in a POST HTTP request. A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary ... • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Calendar%20of%20Events.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50842
https://notcve.org/view.php?id=CVE-2024-50842
14 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/school_year.php of KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter in a POST HTTP request. A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year paramete... • https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20School%20Year.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42797
https://notcve.org/view.php?id=CVE-2024-42797
24 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Playlist.pdf • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42794
https://notcve.org/view.php?id=CVE-2024-42794
16 Sep 2024 — Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Save%20User%20%26%20Account%20Takeover.pdf • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42795
https://notcve.org/view.php?id=CVE-2024-42795
16 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20User.pdf • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42796
https://notcve.org/view.php?id=CVE-2024-42796
16 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Genre.pdf • CWE-284: Improper Access Control •