PT-2024-24132 · Unknown · Computer Laboratory Management System
Emirhan Mutlu · Published 2024-04-09 · Updated 2024-07-03 · CVE-2024-31544
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Computer Laboratory Management System version 1.0
Description
A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary JavaScript code in the browsers of users who later view the stored data, by injecting malicious payloads into the remarks, borrower name and faculty department parameters of the "/classes/Master.php?f=save record" API endpoint.
Recommendations
For Computer Laboratory Management System version 1.0, consider disabling the remarks, borrower name and faculty department parameters of the "/classes/Master.php?f=save record" API endpoint until a patch is available. Restrict access to the Master.php file to minimize the risk of exploitation. Avoid using the remarks, borrower name and faculty department parameters of the affected API endpoint until the issue is resolved.
Exploit
Fix
XSS
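The recommendations above are interim measures; the durable fix for a stored XSS issue of this kind is to encode every untrusted field value at render time, with the same encoding applied no matter which page later displays the record. The following PHP is an added illustration written for this advisory, not code from the Computer Laboratory Management System or from the advisory's author; the underscore field names, the helper names, the 250-character limit and the table layout are assumptions, since the page does not show the application's source.

```php
<?php
// Added example for this advisory, not the project's own code. Field names
// (remarks, borrower_name, faculty_department), the length limit and the
// rendering helper are assumptions; the real Master.php is not shown here.
declare(strict_types=1);

/** Encode a value for safe insertion into an HTML text node or attribute. */
function encode_html(string $value): string
{
    // ENT_QUOTES covers both quote styles so the value is safe inside
    // attributes; ENT_SUBSTITUTE avoids returning an empty string on invalid
    // UTF-8, which would otherwise silently drop the field.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Validate the three fields named in the advisory before persisting them.
 * Values are stored unmodified; encoding is applied only when rendering, so
 * the same stored value can be safely emitted in HTML, JSON or CSV later.
 */
function validate_record_fields(array $input): array
{
    $fields = ['remarks', 'borrower_name', 'faculty_department'];
    $clean = [];
    foreach ($fields as $f) {
        $v = trim((string)($input[$f] ?? ''));
        if (strlen($v) > 250) { // assumed limit; bounds stored payload size
            throw new InvalidArgumentException("$f exceeds 250 bytes");
        }
        $clean[$f] = $v;
    }
    return $clean;
}

/** Render one record row with every field encoded at the point of output. */
function render_record_row(array $record): string
{
    return '<tr>'
         . '<td>' . encode_html($record['borrower_name']) . '</td>'
         . '<td>' . encode_html($record['faculty_department']) . '</td>'
         . '<td>' . encode_html($record['remarks']) . '</td>'
         . '</tr>';
}

// Constructed sample input: a remark containing markup and a name containing
// quotes, as a user might submit them through the save record endpoint.
$sample = validate_record_fields([
    'remarks'            => '<b>late return</b>',
    'borrower_name'      => 'Jane "JD" Doe',
    'faculty_department' => 'CS & Eng',
]);
echo render_record_row($sample), PHP_EOL;
```

Run with `php example.php`: the markup and quotes in the sample appear as literal text in the emitted row rather than as tags or attribute delimiters. Encoding at output rather than at save time matters because a value that is stripped or encoded once on input tends to be double-encoded in one view and rendered raw in another; the render helper is the single place that must never be bypassed.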
Weakness Enumeration
Related Identifiers
Affected Products
Computer Laboratory Management System