PT-2024-39852 · Craig Rodway · Classroombookings
Scream3Gg
·
Published
2024-10-10
·
Updated
2024-10-17
·
CVE-2024-9807
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Craig Rodway Classroombookings version 2.8.7
Description
A vulnerability was found in the processing of the file /sessions of the component Session Page. The manipulation of the argument
Name leads to cross site scripting. The attack may be initiated remotely.Recommendations
For version 2.8.7, upgrade to version 2.8.8 to address this issue. As a temporary workaround, consider restricting access to the
/sessions endpoint until the issue is resolved. Avoid using the Name argument in the affected Session Page component until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Classroombookings