PT-2024-25617 · Unknown · School Attendance Monitoring System+1

Rafael Pedrero

Published

2024-08-06

Updated

2024-08-15

CVE-2024-33985

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions School Attendance Monitoring System and School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue exists, allowing an attacker to create a specially crafted URL and send it to a victim. This could lead to the obtainment of details of their session cookie via the View parameter in the "/course/index.php" endpoint.

Recommendations For version 1.0, consider disabling access to the "/course/index.php" endpoint until a patch is available, or restrict the use of the View parameter to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-33985

Affected Products

School Attendance Monitoring System

School Management System

PT-2024-25617 · Unknown · School Attendance Monitoring System+1

CVE-2024-33985

Weakness Enumeration

Related Identifiers

Affected Products

References · 4