CVE-2024-33989

Name of the Vulnerable Software and Affected Versions School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue exists, allowing an attacker to partially take over an authenticated user's browser session. This can be achieved by sending a specially crafted javascript payload. The issue is related to the eventdate and events parameters in the "port/event print.php" endpoint.

Recommendations For School Event Management System version 1.0, as a temporary workaround, consider restricting access to the "port/event print.php" endpoint to minimize the risk of exploitation. Avoid using the eventdate and events parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.