CVE-2024-6807

Name of the Vulnerable Software and Affected Versions SourceCodester Student Study Center Desk Management System version 1.0

Description A vulnerability was found in the system, classified as problematic, affecting some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the arguments firstname, middlename, lastname, username leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the firstname, middlename, lastname, username arguments in the /sscdms/classes/Users.php?f=save file to prevent cross-site scripting attacks until a patch is available. Restrict access to the HTTP POST Request Handler component to minimize the risk of exploitation. Avoid using the affected arguments in the HTTP POST requests to the /sscdms/classes/Users.php?f=save endpoint until the issue is resolved.