PT-2024-25758 · Sourcecodester · Sourcecodester Computer Laboratory Management System

Amrita2000 · Published 2024-05-13 · Updated 2025-04-22 · CVE-2024-34230

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sourcecodester Laboratory Management System version 1.0

Description

A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. This enables attackers to potentially steal user data or take control of user sessions.

Recommendations

For Sourcecodester Laboratory Management System version 1.0, avoid using the System Information parameter until a fix is available. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious payloads from being injected.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-34230

Affected Products

Sourcecodester Computer Laboratory Management System