PT-2024-15784 · Unknown · Project Worlds Student Project Allocation System

Torada · Published 2024-01-19 · Updated 2024-10-29 · CVE-2024-0726

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Project Worlds Student Project Allocation System version 1.0

Description

A vulnerability was found in the Admin Login Module, specifically affecting the file admin login.php. The issue allows for cross-site scripting through the manipulation of the msg argument with a malicious input, such as test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E. This can be initiated remotely. The exploit has been publicly disclosed.

Recommendations

For Project Worlds Student Project Allocation System version 1.0, as a temporary workaround, consider restricting access to the admin login.php file and the msg argument in the Admin Login Module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
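
While the workaround is in place, access logs can show whether the msg argument is being abused. The following is an added example, not part of the original advisory or the project's code: it lists requests to the login page whose msg value decodes to HTML markup. The combined access-log format, the match on paths ending in login.php, and the sample lines (placeholder path, documentation IP ranges) are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

MARKUP = re.compile(r'''[<>"']''')  # characters that can close an attribute or open a tag
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined-log request field

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_msg_values(log_lines, page_suffix="login.php", param="msg"):
    """Return (line_number, decoded_value) for login-page requests whose msg holds markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Assumption: the affected page is identified by its file-name suffix.
        if not target.path.lower().endswith(page_suffix):
            continue
        # parse_qs percent-decodes once; fully_decode handles double encoding.
        for raw in parse_qs(target.query, keep_blank_values=True).get(param, []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines: placeholder path, documentation IP ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jan/2024:10:00:01 +0000] "GET /EXAMPLE-PATH/login.php?msg=Invalid+password HTTP/1.1" 200 2310',
    '198.51.100.7 - - [19/Jan/2024:10:00:05 +0000] "GET /EXAMPLE-PATH/login.php?msg=test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E HTTP/1.1" 200 2388',
    '192.0.2.10 - - [19/Jan/2024:10:00:09 +0000] "GET /EXAMPLE-PATH/index.php?msg=%3Cb%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [19/Jan/2024:10:00:12 +0000] "GET /EXAMPLE-PATH/login.php?msg=%253Cb%253E HTTP/1.1" 200 2300',
]

if __name__ == "__main__":
    for number, value in suspicious_msg_values(SAMPLE_LOG):
        print(f"line {number}: msg={value!r}")
```

Only query-string values appear in access logs, so a msg value sent in a POST body is not visible to this check.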

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-0726

Affected Products

Project Worlds Student Project Allocation System