CVE-2024-33994

Name of the Vulnerable Software and Affected Versions School Event Management System version 1.0

Description A Cross-Site Scripting (XSS) issue exists, allowing an attacker to create a specially crafted URL and send it to a victim to obtain their session details. This is achieved via the view parameter in the "/event/index.php" endpoint.

Recommendations For School Event Management System version 1.0, consider restricting access to the view parameter in the "/event/index.php" endpoint until a patch is available. As a temporary workaround, avoid using the view parameter in the affected endpoint to minimize the risk of exploitation.