VYPR

Unifiedtransform

by Changeweb

Source repositories

CVEs (9)

  • CVE-2025-25614HigMar 10, 2025
    risk 0.57cvss 8.8epss 0.01

    Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.

  • CVE-2025-46204MedJun 4, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.

  • CVE-2025-46203MedJun 4, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.

  • CVE-2025-25620MedMar 10, 2025
    risk 0.35cvss 5.4epss 0.01

    Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.

  • CVE-2025-25616MedMar 10, 2025
    risk 0.28cvss 4.3epss 0.00

    Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.

  • CVE-2025-25617MedMar 7, 2025
    risk 0.28cvss 4.3epss 0.00

    Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus.

  • CVE-2024-12306MedDec 9, 2024
    risk 0.28cvss 4.3epss 0.00

    Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints…

  • CVE-2025-25618LowMar 17, 2025
    risk 0.21cvss 3.3epss 0.00

    Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.

  • CVE-2025-25615LowMar 10, 2025
    risk 0.18cvss 2.7epss 0.00

    Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.