5 matches found
CVE-2024-32405
CVE-2024-32405 affects Inducer Relate prior to 2024.1. A Cross-Site Scripting (XSS) flaw exists in the InlineMultiQuestion/Answer handling within the Exam function, allowing a remote attacker to escalate privileges via a crafted payload. Root cause: unsanitized input in the Answer fiel...
CVE-2024-32406
Relate Learning and Teaching System (inducer relate) prior to 2024.1 is affected by a Server-Side Template Injection (SSTI) in the Batch-Issue Exam Tickets function, enabling remote arbitrary code execution. Concrete details across sources specify the vulnerability in inducer relate before...
CVE-2024-32404
CVE-2024-32404 affects inducer relate versions prior to 2024.1. The vulnerability is a Server-Side Template Injection (SSTI) in the Markup Sandbox feature that could allow remote attackers to execute arbitrary code. Connected sources confirm the issue and reference remediation guidance, notably t...
CVE-2024-32407
The CVE-2024-32407 issue affects Inducer Relate before version 2024.1. The vulnerability allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. Red Hat and PT Security references confirm affected versions and advise applying the fix by upgrading to 2...
CVE-2026-41588
RELATE is a web-based courseware package. CVE-2026-41588 describes a timing attack in the authentication path, in the function check_sign_in_key() in course/auth.py, present prior to commit 2f68e16. The issue has been patched by that commit. The CVSS 3.1 vector indicates a network attack with high impact on ...