CVE-2022-45221

Name of the Vulnerable Software and Affected Versions Web-Based Student Clearance System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew password parameter in the changepassword.php file. This enables the execution of malicious code, potentially leading to unauthorized access or data manipulation.

Recommendations For Web-Based Student Clearance System version 1.0, consider disabling the changepassword.php file or restricting access to it until a patch is available. Avoid using the txtnew password parameter in the affected changepassword.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.