CVE-2024-1970

Name of the Vulnerable Software and Affected Versions SourceCodester Online Learning System V2 version 1.0

Description A problematic issue was found in the software, affecting an unknown function of the file /index.php. The manipulation of the page argument leads to cross-site scripting. It is possible to launch the attack remotely. The issue has been disclosed to the public.

Recommendations For version 1.0, consider disabling the affected function in /index.php until a patch is available. Restrict access to the /index.php file to minimize the risk of exploitation. Avoid using the page argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.