Cross Site Scripting Vulnerability in Follett School Solutions Destiny
CVE-2024-47096

5.1MEDIUM

Key Information:

Vendor: Follet School Solutions
Status: Destiny
Vendor: CVE Published:; 28 May 2026

🔔 Create Follet School Solutions Vulnerability Alert

What is CVE-2024-47096?

A Cross Site Scripting vulnerability exists in Follett School Solutions Destiny prior to version 22.0.1 AU1. This flaw allows remote attackers to execute arbitrary client-side code by manipulating the 'showSupportExpiredMessage' parameter of the 'handleloginform.do' function. If exploited, this vulnerability can lead to unauthorized actions on behalf of users and potential data exposure.

Affected Version(s)

Destiny 0 < 22.0.1 AU1

References

https://www.securin.io/zero-day/cve-2024-47096-reflected-...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
Sep 18, 2024

Credit

Dylan Davis

CVE-2024-47096 Data

JSON