CVE-2024-6212

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0

Description: A vulnerability was found in the function get student of the file student form.php. The manipulation of the argument id leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For SourceCodester Simple Student Attendance System version 1.0, consider disabling the get student function in student form.php until a patch is available. Restrict access to the student form.php file to minimize the risk of exploitation. Avoid using the id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.