PT-2024-17691 · Unknown · Codeastro University Management System
Azeem_N · Published 2024-02-06 · Updated 2024-05-17
CVE-2024-1265
CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
CodeAstro University Management System version 1.0
Description
A problematic vulnerability has been found in the Attendance Management component, specifically in the file /att add.php. The manipulation of the Student Name argument leads to cross-site scripting. This issue can be exploited remotely.
Recommendations
For CodeAstro University Management System version 1.0, consider disabling the Student Name argument in the /att add.php file until a patch is available to prevent cross-site scripting attacks. Restrict access to the Attendance Management component to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Codeastro University Management System