CVE-2023-1356

Name of the Vulnerable Software and Affected Versions IDWeb application versions 3.1.052 and earlier

Description The issue is related to reflected cross-site scripting in the StudentSearch component, allowing attackers to hijack a user's browsing session if the user clicks on a malicious link. This can be achieved by convincing the user to click on the link.

Recommendations For versions 3.1.052 and earlier, consider disabling the StudentSearch component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of session hijacking. Avoid using links from untrusted sources to mitigate the risk.