CVE-2024-33982

Name of the Vulnerable Software and Affected Versions School Attendance Monitoring System version 1.0 School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue affects the system, allowing an attacker to create a specially crafted URL and send it to a victim to obtain details of their session cookie via the StudentID parameter in "/AttendanceMonitoring/student/controller.php". This could compromise student data.

Recommendations For version 1.0 of School Attendance Monitoring System and School Event Management System, patch immediately and validate inputs to prevent exploitation. As a temporary workaround, consider restricting access to the /AttendanceMonitoring/student/controller.php endpoint until a patch is available. Avoid using the StudentID parameter in the affected API endpoint until the issue is resolved.