Unifiedtransform
by Changeweb
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25614 | Hig | 0.57 | 8.8 | 0.01 | Mar 10, 2025 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. | ||
| CVE-2025-46204 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2025 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. | ||
| CVE-2025-46203 | Med | 0.42 | 6.5 | 0.00 | Jun 4, 2025 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. | ||
| CVE-2025-25620 | Med | 0.35 | 5.4 | 0.01 | Mar 10, 2025 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. | ||
| CVE-2025-25616 | Med | 0.28 | 4.3 | 0.00 | Mar 10, 2025 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1. | ||
| CVE-2025-25617 | Med | 0.28 | 4.3 | 0.00 | Mar 7, 2025 | Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus. | ||
| CVE-2024-12306 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2024 | Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints… | ||
| CVE-2025-25618 | Low | 0.21 | 3.3 | 0.00 | Mar 17, 2025 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. | ||
| CVE-2025-25615 | Low | 0.18 | 2.7 | 0.00 | Mar 10, 2025 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. |
- risk 0.57cvss 8.8epss 0.01
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
- risk 0.42cvss 6.5epss 0.00
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
- risk 0.42cvss 6.5epss 0.00
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
- risk 0.35cvss 5.4epss 0.01
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
- risk 0.28cvss 4.3epss 0.00
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
- risk 0.28cvss 4.3epss 0.00
Incorrect Access Control in Unifiedtransform 2.X leads to Privilege Escalation allowing teachers to create syllabus.
- risk 0.28cvss 4.3epss 0.00
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints…
- risk 0.21cvss 3.3epss 0.00
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
- risk 0.18cvss 2.7epss 0.00
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.