CVE-2024-41241

Name of the Vulnerable Software and Affected Versions Kashipara Responsive School Management System version 3.2.0

Description A Reflected Cross Site Scripting (XSS) issue was discovered in the "/smsa/admin login.php" endpoint, allowing remote attackers to execute arbitrary code via the error parameter. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions.

Recommendations For Kashipara Responsive School Management System version 3.2.0, as a temporary workaround, consider restricting access to the "/smsa/admin login.php" endpoint until a patch is available. Avoid using the error parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.