CVE-2024-33986

Name of the Vulnerable Software and Affected Versions School Attendance Monitoring System and School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue exists, allowing an attacker to create a specially crafted URL and send it to a victim. This could lead to the obtainment of the victim's session cookie details via the View parameter in the "/department/index.php" endpoint.

Recommendations For version 1.0, consider disabling access to the "/department/index.php" endpoint until a fix is available, or restrict the use of the View parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.