Cross-Site Scripting Vulnerability in ZeroWdd Student Manager Software
CVE-2024-13142

5.1 MEDIUM

Key Information:

Vendor: Zerowdd
CVE Published: 5 January 2025

What is CVE-2024-13142?

A cross-site scripting vulnerability has been identified in the ZeroWdd Student Manager, specifically within the submitAddRole function of the RoleController.java file. An attacker can exploit this issue by manipulating the name parameter, allowing for the execution of malicious scripts in the context of a user’s browser. This vulnerability can be exploited remotely, posing significant risks to users and potentially compromising sensitive information. It is crucial for organizations using this software to implement patches and secure coding practices to mitigate this risk.

Affected Version(s)

studentmanager 1.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

Credit

LVZC (VulDB User)