PT-2023-17084 · Sourcecodester · Student Study Center Desk Management System
Published: 2023-03-22 · Updated: 2024-09-07 · CVE-2023-1568
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester Student Study Center Desk Management System version 1.0
Description
A problematic issue has been discovered, affecting an unknown function of the file /admin/reports/index.php, specifically the GET Parameter Handler component. The manipulation of the date to argument leads to cross-site scripting. This issue can be exploited remotely.
Recommendations
For version 1.0, consider restricting access to the /admin/reports/index.php endpoint until a fix is available. As a temporary workaround, avoid using the date to argument in the affected API endpoint to minimize the risk of exploitation.
Affected Products
Student Study Center Desk Management System