CVE-2024-34224

Name of the Vulnerable Software and Affected Versions Computer Laboratory Management System version 1.0

Description The issue concerns a Cross Site Scripting vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters in the /php-lms/classes/Users.php?f=save API endpoint.

Recommendations For Computer Laboratory Management System version 1.0, as a temporary workaround, consider validating and sanitizing the firstname, middlename, lastname parameters to prevent injection of malicious scripts. Restrict access to the /php-lms/classes/Users.php?f=save endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.