CVE-2024-34240

Name of the Vulnerable Software and Affected Versions QDOCS Smart School version 7.0.0

Description The issue is related to Cross Site Scripting (XSS), which results in arbitrary code execution in admin functions, specifically when adding or updating records. This could potentially allow an attacker to execute malicious code on the system.

Recommendations For QDOCS Smart School version 7.0.0, consider disabling admin functions related to adding or updating records until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.