CVE-2024-7218

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.1%
top 74.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Campcodes School LOG Management SystemSourcecodester School LOG Management SystemOretnom23 School LOG Management System
Timeline
PublishedJul 30

Description

A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-7ggq-cf75-fcfc: A vulnerability was found in SourceCodester School Log Management System 12024-07-30
CVEList
SourceCodester/Campcodes School Log Management System ajax.php cross site scripting2024-07-30
CVE-2024-7218 (MEDIUM CVSS 5.1) | A flaw has been found in SourceCode | cvebase.io