CVERadar

CVE-2024-50836

Severity: High
Vendor: Lopalopa

SVRS: 49/100

CVSSv3: 4.8/10

EPSS: 0.00046/1

CVE-2024-50836 is a stored Cross-Site Scripting (XSS) vulnerability in KASHIPARA E-learning Management System Project 1.0. The firstname and lastname parameters submitted to the /admin/teachers.php page (listed as /lms/admin/teachers.php in the VulDB entry and the original disclosure) are stored without neutralisation and later rendered into HTML, so a script embedded in a teacher's name executes in the browser of every user who views the affected record. The CVSS vector requires high privileges (PR:H) and user interaction (UI:R): the attacker must already hold an account that can edit teacher records, and a victim must open a page that displays the stored name. Within those constraints, successful exploitation can hijack the session of another administrator, exfiltrate data visible to that user, perform administrative actions on their behalf, or deface the platform. The SVRS of 49 reflects moderate real-world risk, but the fix (contextual output encoding of these fields) is small and should be applied promptly.

No tags available
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2024-11-14

2024-11-18
SOCRadar
AI Insight

Description

CVE-2024-50836 describes a Stored Cross-Site Scripting (XSS) vulnerability in the KASHIPARA E-learning Management System Project 1.0. An authenticated attacker with administrative access (CVSS PR:H) can submit crafted firstname and lastname values through the /admin/teachers.php form; because the values are stored unmodified and echoed into the page without encoding, arbitrary script runs in the browsers of other users who later view the teacher record. This can be used to steal session cookies and other sensitive data visible to the victim, hijack the victim's account, or perform administrative actions as the victim.

SVRS: 49. This score, while well below the critical threshold of 80, indicates a notable vulnerability requiring attention. The SVRS score considers factors beyond the traditional CVSS, such as observed exploitation by threat actors and the availability of associated malware or public exploits, making it a more comprehensive indicator of real-world risk. For this CVE no exploits or IOCs are currently listed and the EPSS is very low (0.00046), which is consistent with the moderate SVRS.

Key Insights

  • Stored XSS: The injected script persists on the server (in the teacher record) and executes for every user who views the affected listing; no link-clicking or social engineering is required beyond normal use of the admin panel.
  • Potential for Data Theft and Account Hijacking: If session cookies are not HttpOnly, the script can exfiltrate them; even if they are, it can issue authenticated requests from the victim's browser to read data or change settings.
  • Privilege Requirements: The CVSS vector carries PR:H, so the attacker must already have an account that can edit teacher records (for example a compromised or malicious administrator). The vulnerability is therefore most useful for lateral movement between privileged users and for persistence, rather than for initial access.
  • System Compromise: When the victim is another administrator, the script runs with that administrator's session and can perform any action the admin panel exposes, which in a worst case extends to full control of the application.
  • CVSS 3.1 Base Score 4.8 (Medium): AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. The high-privilege and user-interaction requirements keep the base score moderate; the changed scope (S:C) reflects that the script executes in victims' browsers rather than in the vulnerable component itself.

Mitigation Strategies

  • Update to Latest Version: If the project publishes a fixed release, update to it. No patched version is referenced on this page, so check the vendor's site before relying on an update alone.
  • Output Encoding (primary fix): Encode the firstname and lastname values for the HTML context at render time (for example htmlspecialchars with ENT_QUOTES in PHP). Encoding at output rather than at storage time avoids double-encoding and keeps the stored data usable in other contexts.
  • Input Validation (defence in depth): Reject control characters and implausible lengths in name fields server-side. Names legitimately contain apostrophes and non-ASCII characters, so validation cannot safely strip everything an XSS payload needs; it reduces the attack surface but does not replace output encoding.
  • Restrict Administrative Accounts: Because exploitation requires high privileges, limit the number of accounts that can edit teacher records, enforce strong authentication for them, and review recent changes to teacher names for suspicious markup.
  • Browser-side hardening: Mark session cookies HttpOnly and deploy a Content Security Policy that disallows inline script; both limit what a successful injection can do until the application is fixed.
  • Web Application Firewall (WAF): A WAF can filter obvious payloads in POST bodies as a stopgap, but the malicious request comes from an authenticated privileged user over a legitimate form, so tune the rules for that path rather than treating the WAF as the fix.
  • Security Awareness Training: Educate administrators that stored XSS fires simply by viewing a page, and that unexpected behaviour in the teachers list (pop-ups, redirects, broken layout) should be reported rather than ignored.
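To make the encoding point concrete, here is an added illustrative example in PHP (the project's language). It is not code from the Kashipara E-learning Management System, whose source this page does not show: it models the CWE-79 pattern the advisory describes with a hypothetical teacher-row renderer in its vulnerable form beside a hardened form. The field names firstname and lastname follow the advisory; the record shape, function names, sample submission and the benign marker used in place of a payload are assumptions. Requires PHP 8 (str_contains).

```php
<?php
// Added illustrative example, not code from the Kashipara E-learning
// Management System. It models the CWE-79 pattern the advisory describes:
// firstname/lastname are stored as submitted and later echoed into HTML.
// The record shape, function names and sample submission are assumptions.
declare(strict_types=1);

// Constructed sample POST body, as a privileged user could send it to the
// teachers form. A benign marker stands in for a real payload.
const SUBMITTED = [
    'firstname' => '<img src=x onerror="alert(1)">',
    'lastname'  => "O'Brien",
];

// Vulnerable pattern: raw interpolation into the page (what CVE-2024-50836 describes).
function renderTeacherRowVulnerable(array $t): string
{
    return "<tr><td>{$t['firstname']}</td><td>{$t['lastname']}</td></tr>";
}

// Defence in depth at input time. Names are free text, so this only rejects
// control characters and absurd lengths; it deliberately does NOT try to
// strip tags, and the marker above passes it. Validation alone is not the
// fix for XSS.
function validateName(string $v): string
{
    $v = trim($v);
    if (!preg_match('/^[^\x00-\x1F\x7F]{1,64}$/u', $v)) {
        throw new InvalidArgumentException('name must be 1-64 printable characters');
    }
    return $v;
}

// The actual fix: encode at output time for the HTML context. ENT_QUOTES
// escapes both quote styles, so the same helper is safe inside attribute
// values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function h(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderTeacherRowSafe(array $t): string
{
    return '<tr><td>' . h($t['firstname']) . '</td><td>' . h($t['lastname']) . '</td></tr>';
}

// Checks that the hardened renderer neutralises the marker while the
// vulnerable one emits it as live markup. Returns true when both hold.
function selfCheck(): bool
{
    $stored = [
        'firstname' => validateName(SUBMITTED['firstname']),
        'lastname'  => validateName(SUBMITTED['lastname']),
    ];
    $bad  = renderTeacherRowVulnerable($stored);
    $good = renderTeacherRowSafe($stored);

    return str_contains($bad, '<img src=x')
        && !str_contains($good, '<img')
        && str_contains($good, '&lt;img src=x onerror=&quot;alert(1)&quot;&gt;')
        && str_contains($good, 'O&#039;Brien');
}

echo selfCheck() ? "encoding check passed\n" : "encoding check FAILED\n";
```

Run it with `php example.php`. The same shape of check (submit a harmless marker such as `<b>x</b>` into a teacher name, then confirm it appears encoded rather than as live markup in the teachers list) is also the quickest way to confirm that a deployed instance has actually been fixed.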

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-50836 | Kashipara E-Learning Management System Project 1.0 HTTP POST Request /lms/admin/teachers.php firstname/lastname cross site scripting (vuldb.com, 2025-02-26)
A vulnerability, which was classified as problematic, has been found in Kashipara E-Learning Management System Project 1.0. Affected by this issue is some unknown functionality of the file /lms/admin/teachers.php of the component HTTP POST Request Handler. The manipulation of the argument firstname/lastname leads

Social Media

CVE-2024-50836 A Stored Cross-Site Scripting (XSS) vulnerability was found in /lms/admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allow… https://t.co/RyVKKyKbeq

Affected Software

Configuration 1
Type: App
Vendor: Lopalopa
Product: e-learning_management_system

References

Source: [email protected]
Link: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Teachers.pdf

CWE Details

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
