Cross-Site Scripting Vulnerability in ZeroWdd Student Manager Software
CVE-2024-13142

5.1MEDIUM

Key Information:

Vendor

Zerowdd

Status
Studentmanager
Vendor
CVE Published:
5 January 2025

What is CVE-2024-13142?

A cross-site scripting vulnerability has been identified in the ZeroWdd Student Manager, specifically within the submitAddRole function of the RoleController.java file. An attacker can exploit this issue by manipulating the name parameter, allowing for the execution of malicious scripts in the context of a user’s browser. This vulnerability can be exploited remotely, posing significant risks to users and potentially compromising sensitive information. It is crucial for organizations using this software to implement patches and secure coding practices to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

studentmanager 1.0

References

https://vuldb.com/?id.290230
vdb-entrytechnical-description
https://vuldb.com/?ctiid.290230
signaturepermissions-required
https://vuldb.com/?submit.469213
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Credit

LVZC (VulDB User)
JSON
.