112 matches found

Cvelist
added 2024/12/09 8:49 a.m. · 14 views

CVE-2024-12305 Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform

An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...

CVSS 4.3 · EPSS 0.00169
Exploits: 0 · References: 1

CNNVD
added 2024/12/09 12:0 a.m. · 2 views

Unifiedtransform Security Vulnerability

Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0 and prior versions that stems from an object-level access control vulnerability allowing unauthorized access to student grades...

CVSS 4.3 · AI score 6.7 · EPSS 0.00169
Exploits: 0 · References: 1

CNNVD
added 2024/12/09 12:0 a.m. · 3 views

Unifiedtransform Security Vulnerability

Unifiedtransform is an open source school management software from Sourceforge Open Source. It allows for comprehensive and efficient management of school operations. A security vulnerability exists in Unifiedtransform version 2.0 and prior versions, which stems from multiple access control...

CVSS 4.3 · AI score 6.8 · EPSS 0.00169
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/09 12:0 a.m. · 2 views

PT-2024-17537 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.0 and earlier
Description: A function-level access control issue exists due to missing access control checks in the student editing functionality, allowing teachers to modify student personal data without proper...

CVSS 4.3 · AI score 6.9 · EPSS 0.00134
Exploits: 0 · References: 6

CNNVD
added 2024/12/09 12:0 a.m. · 2 views

Unifiedtransform Security Vulnerability

Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0 and prior versions that stems from a functional-level access control vulnerability that allows teachers to modify personal...

CVSS 4.3 · AI score 6.6 · EPSS 0.00134
Exploits: 0 · References: 1

NVD
added 2024/04/09 8:15 p.m. · 9 views

CVE-2024-27665

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module...

CVSS 5.4 · AI score 5.5 · EPSS 0.00244
Exploits: 1 · References: 1

Vulnrichment
added 2024/04/09 12:0 a.m. · 12 views

CVE-2024-27665

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module...

AI score 5.9 · EPSS 0.00244
Exploits: 1 · References: 1

CNNVD
added 2024/04/09 12:0 a.m. · 1 views

Unifiedtransform Security Vulnerability

Unifiedtransform is an open source school management software from Sourceforge Open Source. It allows for comprehensive and efficient management of school operations. A security vulnerability exists in Unifiedtransform v2.X, which stems from vulnerability to stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.8 · EPSS 0.00244
Exploits: 1 · References: 2

Cvelist
added 2024/04/09 12:0 a.m. · 15 views

CVE-2024-27665

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module...

AI score 5.7 · EPSS 0.00244
Exploits: 1 · References: 1

GithubExploit
added 2024/03/11 4:46 a.m. · 44 views

Exploit for CVE-2024-27665

CVE-2024-27665 Unifiedtransform v2.X is vulnerable to Stored...

CVSS 5.4 · AI score 5.5 · EPSS 0.00244
Exploits: 1

Positive Technologies
added 2024/03/11 12:0 a.m. · 5 views

PT-2024-21983 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform versions 2.X
Description: The issue is related to Stored Cross-Site Scripting (XSS) via the file upload feature in the Syllabus module. This allows for malicious scripts to be stored and executed on the server. No information i...

CVSS 5.4 · AI score 5.7 · EPSS 0.00244
Exploits: 1 · References: 5

Huntr
added 2021/07/26 6:33 p.m. · 12 views

Cross-Site Request Forgery (CSRF) in changeweb/unifiedtransform

Description: When you don't set the SameSite attribute of cookies, the browsers have a special act in front of this issue. I mean they set a default value on it: Chrome and Chromium-based browsers set the attribute "Lax", that means if you do an add/delete/alter operation in a GET HTTP request then your site mor...

AI score 1.3
Exploits: 0