CVE-2024-50836

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*

History

18 Nov 2024, 16:38

Type Values Removed Values Added
References () https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Teachers.pdf - () https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Teachers.pdf - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
CPE cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*
CWE CWE-79
First Time Lopalopa e-learning Management System
Lopalopa

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad de Cross Site Scripting (XSS) almacenado en /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. Esta vulnerabilidad permite a atacantes remotos ejecutar secuencias de comandos arbitrarias a través de los parámetros firstname y lastname.

14 Nov 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-14 17:15

Updated : 2024-11-18 18:35


NVD link : CVE-2024-50836

Mitre link : CVE-2024-50836

CVE.ORG link : CVE-2024-50836


JSON object : View

Products Affected

lopalopa

  • e-learning_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')