PT-2024-14294 · Unknown · School Management System

Geraldo Alcântara · Published 2024-02-28 · Updated 2024-12-16 · CVE-2023-51800

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

School Fees Management System version 1.0

Description

A Cross-Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted payload to: the main settings component, in the phone, address, bank, acc name, and acc number parameters; the new class and cname parameter; the add new parent function, in the name and email parameters; the new term function, in the tname parameter; and the edit student function, in the name parameter.

Recommendations

As a temporary workaround, consider disabling the main settings component and the add new parent, new term, and edit student functions until a patch is available. Restrict access to the vulnerable parameters (phone, address, bank, acc name, acc number, name, email, cname, and tname) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-51800

Affected Products

School Management System