PT-2024-29320 · Unknown · Kashipara Responsive School Management System

Published: 2024-08-07 · Updated: 2024-08-08 · CVE-2024-41242

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Kashipara Responsive School Management System version 3.2.0

Description

A Reflected Cross-Site Scripting (XSS) issue was discovered in the /smsa/student login.php endpoint, allowing remote attackers to execute arbitrary code via the error parameter. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions.

Recommendations

For Kashipara Responsive School Management System version 3.2.0, to prevent exploitation, consider disabling the error parameter in the /smsa/student login.php endpoint until a patch is available.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2024-41242

Affected Products: Kashipara Responsive School Management System