PT-2021-24137 · Unknown · Attendance Management System

Published: 2021-12-26 · Updated: 2022-01-05 · CVE-2021-44598

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Attendance Management System version 1.0
Description: The issue is a reflected cross-site scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into an HTML tag attribute encapsulated in double quotation marks, so a request carrying a crafted FirstRecord value is reflected into the page and can be used to inject content into the session of a user who opens it, including the admin account.
Recommendations: For Attendance Management System version 1.0, consider restricting access to the FirstRecord request parameter to minimize the risk of exploitation, and avoid using the FirstRecord parameter on the affected endpoints until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
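The following is an added example, not code from Attendance Management System (the advisory does not show its source, and the product itself is not written in Python): a constructed page fragment that copies FirstRecord verbatim into a double-quoted attribute, the hardened form that escapes for the attribute context, and a check a reviewer or test can use to confirm the attribute boundary survives. The tag and attribute name are assumptions.

```python
import html
import re

# Constructed rendering (assumed tag/attribute, not the product's own markup):
# the FirstRecord request parameter lands inside a double-quoted attribute.

def render_vulnerable(first_record: str) -> str:
    """Copies the parameter into the attribute verbatim. Any double quote in the
    value closes the attribute early, which is the defect the advisory describes."""
    return f'<input type="hidden" name="FirstRecord" value="{first_record}">'


def render_hardened(first_record: str) -> str:
    """Escapes &, <, >, " and ' (quote=True) so the value cannot leave the attribute.
    Attribute-context encoding is the fix; restricting the parameter is only a stopgap."""
    safe = html.escape(first_record, quote=True)
    return f'<input type="hidden" name="FirstRecord" value="{safe}">'


_VALUE_ATTR = re.compile(r'value="([^"]*)"(.*)$')


def attribute_intact(markup: str, expected: str) -> bool:
    """Check used in tests/code review: read the value attribute back out of the
    markup and confirm (a) it decodes to the original string and (b) nothing but
    the closing '>' follows it, i.e. the quoted attribute was not broken open."""
    m = _VALUE_ATTR.search(markup)
    if m is None:
        return False
    return html.unescape(m.group(1)) == expected and m.group(2) == ">"


if __name__ == "__main__":
    # Constructed benign input containing quotes and angle brackets.
    sample = 'Smith "Bob" <admin>'
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        out = render(sample)
        print(f"{name:10s} intact={attribute_intact(out, sample)}  {out}")
```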

Exploit

XSS

Related Identifiers: CVE-2021-44598

Affected Products: Attendance Management System