CVE-2024-33990

Name of the Vulnerable Software and Affected Versions School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue exists, allowing an attacker to send a specially crafted javascript payload to an authenticated user, potentially taking over their browser session. This is achieved via the id and view parameters in the "/user/index.php" API endpoint.

Recommendations For School Event Management System version 1.0, as a temporary workaround, consider restricting access to the "/user/index.php" endpoint until a patch is available. Additionally, avoid using the id and view parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.