CVE-2024-0189

Name of the Vulnerable Software and Affected Versions RRJ Nueva Ecija Engineer Online Portal version 1.0

Description A vulnerability has been found in the RRJ Nueva Ecija Engineer Online Portal, affecting the file teacher message.php of the component Create Message Handler. The manipulation of the argument Content with the input </title><scRipt>alert(x)</scRipt> leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For RRJ Nueva Ecija Engineer Online Portal version 1.0, as a temporary workaround, consider disabling the Create Message Handler component until a patch is available. Restrict access to the teacher message.php file to minimize the risk of exploitation. Avoid using the Content argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.