PT-2024-19619 · Genesis · Genesis Aims Student Information Systems
Manuel Aldape · Published 2024-02-01 · Updated 2025-01-16 · CVE-2024-22936
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Genesis AIMS Student Information Systems version 3053
Description
The issue is a cross-site scripting (XSS) vulnerability in the Parents & Student Portal of Genesis School Management Systems. This allows remote attackers to inject arbitrary web script or HTML via the message parameter.
Recommendations
For Genesis AIMS Student Information Systems version 3053, consider restricting access to the vulnerable message parameter in the Parents & Student Portal until a patch is available. As a temporary workaround, avoid using the message parameter in the affected portal to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Genesis Aims Student Information Systems
Genesis School Management Systems