VYPR

PRONOTE

by INDEX-EDUCATION

CVEs (1)

  • CVE-2025-69727MedMar 16, 2026
    risk 0.34cvss 5.3epss 0.00

    An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs…