CVE-2022-34594

Name of the Vulnerable Software and Affected Versions Advanced School Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. This is achieved through the component "ip/school/moudel/update subject.php", which is vulnerable to cross-site scripting (XSS).

Recommendations For Advanced School Management System version 1.0, consider disabling access to the "ip/school/moudel/update subject.php" component until a patch is available. As a temporary workaround, restrict the ability to inject crafted payloads into the Edit Subject text field to minimize the risk of exploitation.