Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25621 | 1 Changeweb | 1 Unifiedtransform | 2025-06-24 | N/A | 4.3 MEDIUM |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1. | |||||
| CVE-2025-25618 | 1 Changeweb | 1 Unifiedtransform | 2025-06-24 | N/A | 3.3 LOW |
| Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. | |||||
| CVE-2025-25620 | 1 Changeweb | 1 Unifiedtransform | 2025-06-23 | N/A | 5.4 MEDIUM |
| Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. | |||||
| CVE-2025-25614 | 1 Changeweb | 1 Unifiedtransform | 2025-06-23 | N/A | 8.8 HIGH |
| Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. | |||||
| CVE-2025-46203 | 1 Changeweb | 1 Unifiedtransform | 2025-06-10 | N/A | 6.5 MEDIUM |
| An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. | |||||
| CVE-2025-46204 | 1 Changeweb | 1 Unifiedtransform | 2025-06-10 | N/A | 6.5 MEDIUM |
| An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. | |||||
| CVE-2024-53573 | 1 Changeweb | 1 Unifiedtransform | 2025-04-07 | N/A | 9.8 CRITICAL |
| Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}. | |||||
| CVE-2025-25616 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | N/A | 4.3 MEDIUM |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | |||||
| CVE-2025-25615 | 1 Changeweb | 1 Unifiedtransform | 2025-03-13 | N/A | 2.7 LOW |
| Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. | |||||