Cross Site Scripting Vulnerability in Attendance Management Component
CVE-2024-1265

4.8 MEDIUM

Key Information:

Vendor: CodeAstro
CVE Published: 7 February 2024

What is CVE-2024-1265?

A cross-site scripting vulnerability exists in the Attendance Management component of CodeAstro University Management System 1.0. The issue arises from inadequate input validation in the '/att_add.php' file, where manipulation of the 'Student Name' argument can lead to the execution of malicious scripts in the context of the user's browser. This vulnerability allows attackers to execute arbitrary JavaScript code remotely, potentially compromising user data and security. Publicly disclosed exploits may pose a significant risk to institutions using this management system.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published