Changeweb Unifiedtransform

9 CVEs affecting Changeweb Unifiedtransform. Latest disclosed: 2025-06-04. Critical: 1, High: 1.

Top CVEs affecting Changeweb Unifiedtransform
CVESeverityScorePublishedSummary
CVE-2024-53573Critical9.82025-02-26Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative…
CVE-2025-25614High8.82025-03-10Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
CVE-2025-46204Medium6.52025-06-04An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
CVE-2025-46203Medium6.52025-06-04An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
CVE-2025-25620Medium5.42025-03-10Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVE-2025-25621Medium4.32025-03-17Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses…
CVE-2025-25616Medium4.32025-03-10Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam…
CVE-2025-25618Low3.32025-03-17Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
CVE-2025-25615Low2.72025-03-10Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.