Unifiedtransform Access Control Error Vulnerability
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0, which stems from an access control error that could lead to viewing attendance lists for all classes...
Unifiedtransform Access Control Error Vulnerability
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0 that stems from improper access control and could lead to students modifying exam rules...
CVE-2025-25620
CVE-2025-25620 affects Unifiedtransform 2.0 with a Stored XSS vulnerability in the Create assignment function. The issue enables attacker-controlled scripts to run in other users’ sessions, with PoC details indicating a stored XSS path via assignment creation/uploaded content and impact described...
CVE-2025-25615
Unifiedtransform 2.0 is affected by an incorrect access control vulnerability that allows viewing attendance lists for all class sections. The issue is a confidentiality-related flaw in access control, enabling unauthorized exposure of attendance data without exploitation details provided in the ...
CVE-2025-25620
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function...
CVE-2025-25616
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?examruleid=1...
CVE-2025-25616
CVE-2025-25616: Unifiedtransform 2.0 is vulnerable to Incorrect Access Control that allows students to modify exam rules through the endpoint /exams/edit-rule?exam_rule_id=1. Root cause: improper access control. Documented impact includes high confidentiality and integrity impact with an overal...
CVE-2025-25614
CVE-2025-25614 affects Unifiedtransform version 2.0 and stems from an Incorrect Access Control flaw that enables privilege escalation, allowing teachers to update other teachers’ personal data. The advisory entries consistently describe this as a data-access control deficiency with high impact (C...
CVE-2025-25615
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections...
CVE-2025-25617
Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus...
Unifiedtransform Access Control Error Vulnerability
Unifiedtransform is an open source school management software from Sourceforge Open Source. It allows for comprehensive and efficient management of school operations. A security vulnerability exists in Unifiedtransform 2.X. The vulnerability stems from improper access control and could lead to...
CVE-2025-25617
The CVE-2025-25617 issue affects Unifiedtransform 2.X and is caused by improper access control. This vulnerability enables privilege escalation, allowing teachers to create syllabi. Public details in the provided documents do not specify affected sub-versions, exact root-cause code paths, exploit...
PT-2025-9910 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue is related to incorrect access control in Unifiedtransform, leading to privilege escalation. This allows teachers to update the personal data of fellow teachers. Recommendations: For...
Exploit for Cross-site Scripting in Changeweb Unifiedtransform
CVE-2025-25620 Unifiedtransform v2.0 is vulnerable to Stored...
PT-2025-9870 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue is related to incorrect access control in Unifiedtransform 2.0, which leads to privilege escalation. This allows teachers to change the section name and room number, permissions that should ...