Changeweb Unifiedtransform
9 CVEs affecting Changeweb Unifiedtransform. Latest disclosed: 2025-06-04. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-53573 | Critical | 9.8 | 2025-02-26 | Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative… |
CVE-2025-25614 | High | 8.8 | 2025-03-10 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers. |
CVE-2025-46204 | Medium | 6.5 | 2025-06-04 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. |
CVE-2025-46203 | Medium | 6.5 | 2025-06-04 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. |
CVE-2025-25620 | Medium | 5.4 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function. |
CVE-2025-25621 | Medium | 4.3 | 2025-03-17 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses… |
CVE-2025-25616 | Medium | 4.3 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam… |
CVE-2025-25618 | Low | 3.3 | 2025-03-17 | Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers. |
CVE-2025-25615 | Low | 2.7 | 2025-03-10 | Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections. |