
10 matches found

RedhatCVE
added 2026/02/11 1:33 a.m., 2 views

CVE-2026-25812

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/09 9:3 p.m., 3 views

CVE-2026-25812

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 2

Cvelist
added 2026/02/09 9:3 p.m., 23 views

CVE-2026-25812 PlaciPy is Missing CSRF Protection on State-Changing Endpoints

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | EPSS 0.00027
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/09 8:48 p.m., 4 views

CVE-2026-25810

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verifies authentication but fails to enforce object-level authorization ownership checks...

CVSS 5.3 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/09 12:0 a.m., 3 views

PT-2026-7162

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verifies authentication but fails to enforce object-level authorization ownership checks. For example, this can be used to return all results for an assessment...

CVSS 5.3 | AI score 5.5 | EPSS 0.00075
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/09 12:0 a.m., 4 views

PT-2026-7161

Name of the Vulnerable Software and Affected Versions: PlaciPy version 1.0.0

Description: PlaciPy is a placement management system for educational institutions. The admin authorization middleware in version 1.0.0 trusts client-controlled JWT claims, specifically the role and scope, without performi...

CVSS 9.3 | AI score 5.4 | EPSS 0.00069
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/09 12:0 a.m., 2 views

PT-2026-7157

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...

CVSS 5.3 | AI score 5.5 | EPSS 0.00049
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/09 12:0 a.m., 1 view

PT-2026-7155

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission...

CVSS 5.3 | AI score 5.6 | EPSS 0.00103
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/09 12:0 a.m., 2 views

PT-2026-7158

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism...

CVSS 9.3 | AI score 5.5 | EPSS 0.00027
Exploits: 0 | References: 1

OSV
added 2024/10/07 5:15 p.m., 1 view

CVE-2024-46300

itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php...

CVSS 6.1 | AI score 5.8 | EPSS 0.00098
Exploits: 1 | References: 2