A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields
References
Link | Resource |
---|---|
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Stored%20XSS.pdf | Exploit Third Party Advisory |
https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download | Product |
Configurations
History
16 Sep 2024, 13:46
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CWE | CWE-79 | |
References | () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Online%20Exam%20System%20v1.0/Stored%20XSS.pdf - Exploit, Third Party Advisory | |
References | () https://www.kashipara.com/project/php/3/online-exam-php-project-source-code-download - Product | |
CPE | cpe:2.3:a:jayesh:online_exam_system:1.0:*:*:*:*:*:*:* | |
First Time |
Jayesh
Jayesh online Exam System |
12 Aug 2024, 13:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 13:38
Updated : 2024-09-16 13:46
NVD link : CVE-2024-40478
Mitre link : CVE-2024-40478
CVE.ORG link : CVE-2024-40478
JSON object : View
Products Affected
jayesh
- online_exam_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')