Lucene search
K
InducerRelate

5 matches found

CVE
CVE
added 2024/04/22 12:0 a.m.71 views

CVE-2024-32405

This CVE (CVE-2024-32405) affects Inducer Relate prior to 2024.1. A Cross Site Scripting (XSS) flaw exists in the InlineMultiQuestion/Answer handling within the Exam function, allowing a remote attacker to escalate privileges via a crafted payload. Root cause: unsanitized input in the Answer fiel...

2.6CVSS6.7AI score0.00501EPSS
CVE
CVE
added 2024/04/26 12:0 a.m.55 views

CVE-2024-32406

Relate Relate Learning and Teaching System (inducer relate) prior to 2024.1 is affected by a Server-Side Template Injection (SSTI) in the Batch-Issue Exam Tickets function, enabling remote arbitrary code execution. Concrete details across sources specify the vulnerability in inducer relate before...

7.5CVSS8AI score0.01109EPSS
CVE
CVE
added 2024/04/26 12:0 a.m.53 views

CVE-2024-32404

CVE-2024-32404 affects inducer relate versions prior to 2024.1. The vulnerability is a Server-Side Template Injection (SSTI) in the Markup Sandbox feature that could allow remote attackers to execute arbitrary code. Connected sources confirm the issue and reference remediation guidance, notably t...

6CVSS8.1AI score0.00797EPSS
CVE
CVE
added 2024/04/22 12:0 a.m.46 views

CVE-2024-32407

The CVE-2024-32407 issue affects Inducer Relate before version 2024.1. The vulnerability allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. Red Hat and PT Security references confirm affected versions and advise applying the fix by upgrading to 2...

8.8CVSS7.8AI score0.01099EPSS
CVE
CVE
added 2026/05/08 2:51 p.m.19 views

CVE-2026-41588

RELATE is a web-based courseware package. CVE-2026-41588 describes a timing attack in the authentication path: in course/auth.py, function check_sign_in_key(), present prior to commit 2f68e16. The issue has been patched by that commit. CVSS 3.1 vector indicates network attack with high impact on ...

9CVSS5.7AI score0.00362EPSS