CVE-2024-54935

Description

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter.

PUBLISHED Reserved 2024-12-06 | Published 2024-12-09 | Updated 2024-12-10 | Assigner mitre

References

github.com/...ystem project/Stored XSS - student message.pdf exploit

github.com/...ystem project/Stored XSS - student message.pdf

cve.org (CVE-2024-54935)

nvd.nist.gov (CVE-2024-54935)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.