CVE-2024-1834Cross-site Scripting in Simple Student Attendance System

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
CNA3.5
EPSS
0.2%
top 55.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Simple Student Attendance SystemOretnom23 Simple Student Attendance System
Timeline
PublishedFeb 23

Description

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerabilit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-mmg2-vff3-5c3f: A vulnerability was found in SourceCodester Simple Student Attendance System 12024-02-23
CVEList
SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross site scripting2024-02-23
CVE-2024-1834 — Cross-site Scripting | cvebase