45 matches found
CVE-2024-41246
An Incorrect Access Control vulnerability was found in /smsa/admindashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard...
CVE-2024-41252
An Incorrect Access Control vulnerability was found in /smsa/adminstudentregisterapproval.php and /smsa/adminstudentregisterapprovalsubmit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration...
CVE-2024-41238
A SQL injection vulnerability in /smsa/studentlogin.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter...
CVE-2024-41247
An Incorrect Access Control vulnerability was found in /smsa/addclass.php and /smsa/addclasssubmit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry...
EUVD-2024-55086
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...
CVE-2024-46334
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...
CVE-2024-46336
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via /clientuser/feedback.php...
CVE-2024-46336
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via /clientuser/feedback.php...
PT-2025-47171
Name of the Vulnerable Software and Affected Versions kashipara School Management System version 1.0 Description The software is susceptible to Cross Site Scripting XSS attacks. The issue is located in the /client user/feedback.php endpoint. An attacker could potentially inject malicious scripts...
CVE-2024-46336
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via /clientuser/feedback.php...
CVE-2024-46334
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...
CVE-2024-46334
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via the formuser and formpassword parameters in /adminLogin.php...
CVE-2024-46334
CVE-2024-46334 affects Kashipara School Management System 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable through the parameters formuser and formpassword in /adminLogin.php . The root cause is unvalidated/sanitized user input in this login endpoint, enabling scripts to be...
EUVD-2024-55094
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting XSS via /clientuser/feedback.php...
PT-2025-47170
Name of the Vulnerable Software and Affected Versions kashipara School Management System version 1.0 Description The software is susceptible to Cross Site Scripting XSS. The issue affects the /adminLogin.php endpoint, specifically through the formuser and formpassword parameters. Successful...
CVE-2024-46336
CVE-2024-46336 affects Kashipara School Management System 1.0. The vulnerability is a Cross Site Scripting (XSS) flaw in /client_user/feedback.php caused by an unvalidated parameter. The issue is documented across Red Hat, NVD, CNNVD and CVE listings with a CVSS v3.1 base score of 6.1 (Medium). N...
EUVD-2024-38988
Malicious code in bioql PyPI...
CVE-2024-41236
A SQL injection vulnerability in /smsa/adminlogin.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page...
CVE-2024-41250
An Incorrect Access Control vulnerability was found in /smsa/viewstudents.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details...
CVE-2024-41245
An Incorrect Access Control vulnerability was found in /smsa/viewteachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details...