Genesis · Genesis Aims Student Information Systems · CVE-2024-22936
**Name of the Vulnerable Software and Affected Versions**
Genesis AIMS Student Information Systems version 3053
**Description**
The issue is a cross-site scripting (XSS) vulnerability in the Parents & Student Portal of Genesis School Management Systems. This allows remote attackers to inject arbitrary web script or HTML via the `message` parameter.
**Recommendations**
For Genesis AIMS Student Information Systems version 3053, consider restricting access to the vulnerable `message` parameter in the Parents & Student Portal until a patch is available. As a temporary workaround, avoid using the `message` parameter in the affected portal to minimize the risk of exploitation.