First published: Fri Aug 09 2024
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via the "rname" and "email" parameter fields.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Kashipara Online Exam System | =1.0 | |
CVE-2024-40478 has been classified as a medium severity Stored Cross Site Scripting (XSS) vulnerability.
To fix CVE-2024-40478, ensure proper input validation and output encoding for the 'rname' and 'email' parameters in the /admin/afeedback.php file.
CVE-2024-40478 affects Kashipara Online Exam System version 1.0.
Stored Cross Site Scripting in CVE-2024-40478 allows attackers to inject malicious scripts that are stored on the server and executed in the context of users who access the affected page.
Yes, CVE-2024-40478 can be exploited remotely by attackers to execute arbitrary code on vulnerable installations.
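The fix recommended above (input validation plus output encoding for 'rname' and 'email') is illustrated here as an added PHP example; it is not the Kashipara code, which this page does not show. The function names, the accepted name pattern, the length limits and the row layout are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the Kashipara source. Function names and the row layout are
// hypothetical; only the 'rname' and 'email' field names come from the advisory.

/** Encode a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate submitted feedback before storage; returns clean values or null. */
function validate_feedback(array $post): ?array
{
    $rname = $post['rname'] ?? null;
    $email = $post['email'] ?? null;
    if (!is_string($rname) || !is_string($email)) {
        return null; // missing field or array-valued parameter (rname[]=...)
    }
    $rname = trim($rname);
    $email = trim($email);
    // Names: letters, combining marks, space, dot, apostrophe, hyphen; 1-100 chars.
    if (preg_match('/^[\p{L}\p{M} .\'-]{1,100}\z/u', $rname) !== 1) {
        return null;
    }
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return ['rname' => $rname, 'email' => $email];
}

/** Render one stored row for the admin listing, encoding every field. */
function render_feedback_row(array $row): string
{
    return '<tr><td>' . e((string) $row['rname']) . '</td><td>'
        . e((string) $row['email']) . '</td></tr>';
}

// Constructed sample submissions: one carrying markup, one legitimate.
$hostile = ['rname' => '<script>alert(1)</script>', 'email' => 'a@example.com'];
$benign  = ['rname' => "Anne O'Neil", 'email' => 'anne@example.com'];

foreach ([$hostile, $benign] as $post) {
    // Input check: angle brackets are outside the allowed name characters.
    echo validate_feedback($post) === null ? "rejected\n" : "accepted\n";
    // Output encoding is applied whether or not the row passed validation,
    // which also covers rows stored before the check existed.
    echo render_feedback_row($post), "\n";
}
```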