CVE-2025-26158

Medium CVSS: 5.6

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.

Vendor

Kashipara

Product

Online Attendance Management System

CWE

CWE-79

Yayın Tarihi

2025-02-14 17:15:22

Güncelleme

2025-06-06 17:58:29

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Online Attendance Management System MEDIUM Kashipara 2025

Referanslar

https://github.com/rtnthakur/CVE/blob/main/Kashipara/README.md

Benzer Kayıtlar

Medium

CVE-2026-26464

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, w…

Medium

CVE-2024-44651

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.…

Medium

CVE-2024-44653

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php.

Medium

CVE-2024-44652

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastna…

Medium

CVE-2024-46334

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword par…

Medium

CVE-2024-46336

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.