Changeweb

changeweb

9 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Unifiedtransform

unifiedtransform

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-46204 1Changeweb 1Unifiedtransform Jun 10, 2025 Jun 4, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
CVE-2025-46203 1Changeweb 1Unifiedtransform Jun 10, 2025 Jun 4, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
CVE-2025-25621 1Changeweb 1Unifiedtransform Jun 24, 2025 Mar 17, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.
CVE-2025-25618 1Changeweb 1Unifiedtransform Jun 24, 2025 Mar 17, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
CVE-2025-25620 1Changeweb 1Unifiedtransform Jun 23, 2025 Mar 10, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVE-2025-25614 1Changeweb 1Unifiedtransform Jun 23, 2025 Mar 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
CVE-2025-25616 1Changeweb 1Unifiedtransform Mar 13, 2025 Mar 10, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
CVE-2025-25615 1Changeweb 1Unifiedtransform Mar 13, 2025 Mar 10, 2025 N/A· v4 2.7 LOW· v3 N/A· v2 Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.
CVE-2024-53573 1Changeweb 1Unifiedtransform Apr 7, 2025 Feb 26, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}.