PT-2024-28865 · Unknown · Kashipara Online Exam System
Published: 2024-08-09 · Updated: 2024-09-16 · CVE-2024-40478
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Kashipara Online Exam System version 1.0
Description
A Stored Cross Site Scripting (XSS) issue was found in the "/admin/afeedback.php" endpoint, allowing remote attackers to execute arbitrary code via the "rname" and "email" parameter fields. This could lead to account compromise.
Recommendations
For Kashipara Online Exam System version 1.0, patch immediately and validate all user input to prevent exploitation. As a temporary workaround, consider restricting access to the "/admin/afeedback.php" endpoint and validating the "rname" and "email" parameters to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Kashipara Online Exam System