CVE-2024-33992

Name of the Vulnerable Software and Affected Versions School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue affects the system, allowing an attacker to exploit it by sending a specially crafted query to the server. This can lead to the retrieval of all stored information through the view parameter in the "/student/index.php" API endpoint.

Recommendations For School Event Management System version 1.0, consider disabling the view parameter in the "/student/index.php" endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of information retrieval.