CVE-2024-13143

Name of the Vulnerable Software and Affected Versions ZeroWdd studentmanager version 1.0

Description A vulnerability was found in the submitAddPermission function of the PermissionController.java file. The manipulation of the url argument leads to cross-site scripting. The attack may be initiated remotely. Other parameters might be affected as well.

Recommendations For ZeroWdd studentmanager version 1.0, consider disabling the submitAddPermission function until a patch is available to prevent cross-site scripting attacks. Restrict access to the PermissionController to minimize the risk of exploitation. Avoid using the url argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.