CVE-2024-27665

MEDIUM

Unifiedtransform v2.X - Stored Cross-Site Scripting via Syllabus Module File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-27665. PoCs published by Thirukrishnan.

AI-analyzed exploit summary This repository provides a proof-of-concept for CVE-2024-27665, a stored XSS vulnerability in Unifiedtransform v2.X via file upload in the Syllabus module. The PoC includes steps to reproduce the vulnerability but does not contain executable exploit code.

Description

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.

Exploits (1)

nomisec WRITEUP
by Thirukrishnan · poc
https://github.com/Thirukrishnan/CVE-2024-27665

This repository provides a proof-of-concept for CVE-2024-27665, a stored XSS vulnerability in Unifiedtransform v2.X via file upload in the Syllabus module. The PoC includes steps to reproduce the vulnerability but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Unifiedtransform v2.X
Auth required
Prerequisites: Access to the application · Valid credentials · Ability to upload files in the Syllabus module
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 5.4
EPSS 0.0043
EPSS Percentile 34.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Apr 09, 2024
Tracked Since Feb 18, 2026