Armaansidana2003

**Name of the Vulnerable Software and Affected Versions** Unifiedtransform versions 2.x **Description** The issue is related to incorrect access control, which leads to privilege escalation. This allows teachers to update the personal data of fellow teachers. **Recommendations** For Unifiedtransform version 2.x, update the access control mechanism to prevent unauthorized modifications to personal data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unifiedtransform versions 2.X **Description** The issue allows teachers to view the attendance list for all class sections due to incorrect access control. **Recommendations** For Unifiedtransform version 2.X, consider restricting access to the attendance list feature to minimize the risk of unauthorized viewing until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Unifiedtransform versions 2.X **Description** The issue is related to Incorrect Access Control in Unifiedtransform, leading to Privilege Escalation. This allows teachers to create syllabus, which is an unauthorized action. **Recommendations** For Unifiedtransform version 2.X, consider restricting access to the syllabus creation feature until a patch is available. As a temporary workaround, limit the privileges of teachers to prevent them from creating syllabus. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unifiedtransform versions 2.X **Description** The issue is related to Stored Cross-Site Scripting (XSS) in the "Create Assignment" function, allowing attackers to execute malicious scripts in the context of other users. **Recommendations** For Unifiedtransform version 2.X, consider disabling the "Create Assignment" function until a patch is available to prevent exploitation. Restrict access to this function to minimize the risk of malicious script execution.

**Name of the Vulnerable Software and Affected Versions** Unifiedtransform versions 2.X **Description** The issue allows teachers to take attendance of fellow teachers through the endpoint "/courses/teacher/index?teacher id=2&s...". This is due to incorrect access control. **Recommendations** For Unifiedtransform version 2.X, restrict access to the endpoint "/courses/teacher/index?teacher id=2&s..." to prevent unauthorized attendance taking. Consider implementing proper access controls to ensure that teachers can only take attendance for their own classes.