CVE-2024-28276

Name of the Vulnerable Software and Affected Versions Sourcecodester School Task Manager version 1.0

Description The issue is related to Cross Site Scripting (XSS) via the add-task.php endpoint, specifically the task name parameter. This allows for potential malicious script injection. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For Sourcecodester School Task Manager version 1.0, consider restricting access to the add-task.php endpoint or validating and sanitizing the task name parameter to prevent XSS attacks. As a temporary workaround, avoid using the task name parameter in the affected endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this issue.