CVE-2024-13143Cross-site Scripting in Studentmanager

CWE-79Cross-site ScriptingCWE-94Code Injection3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
0.1%
top 70.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zerowdd Studentmanager
Timeline
PublishedJan 6

Description

A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5zerowdd/studentmanager1.0

🔴Vulnerability Details

2
GHSA
GHSA-j4jc-69x3-7rr6: A vulnerability was found in ZeroWdd studentmanager 12025-01-06
CVEList
ZeroWdd studentmanager PermissionController. java submitAddPermission cross site scripting2025-01-05
CVE-2024-13143 — Cross-site Scripting in Studentmanager | cvebase