CVE-2024-0190

Name of the Vulnerable Software and Affected Versions RRJ Nueva Ecija Engineer Online Portal version 1.0

Description A vulnerability was found in the RRJ Nueva Ecija Engineer Online Portal, affecting some unknown processing of the file add quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations As a temporary workaround, consider disabling the add quiz.php file or restricting access to the Quiz Handler component until a patch is available. Avoid using the Quiz Title/Quiz Description argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.