CVE-2024-33991

Name of the Vulnerable Software and Affected Versions School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue affects the system, allowing an attacker to exploit it by sending a specially crafted query to the server. This can lead to the retrieval of all stored information through the view parameter in the "/eventwinner/index.php" API endpoint.

Recommendations For School Event Management System version 1.0, consider restricting access to the /eventwinner/index.php endpoint until a patch is available, and avoid using the view parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.