CVE-2024-50840

MEDIUM

Lopalopa E-learning Management System - Buffer Overflow

Title source: rule

Description

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Class.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0135

EPSS Percentile 80.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

lopalopa/e-learning_management_system 1.0

Published Nov 14, 2024

Tracked Since Feb 18, 2026