Products
School Event Management System
- 1.0
Source
cve-coordination@incibe.es
Tags
CVE-2024-33989 details
Published : Aug. 6, 2024, 1:15 p.m.
Last Modified : Aug. 6, 2024, 4:30 p.m.
Last Modified : Aug. 6, 2024, 4:30 p.m.
Description
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via theĀ 'eventdate' and 'events' parameters in 'port/event_print.php'.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.1 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
Base Score
7.1
Exploitability Score
2.8
Impact Score
3.7
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
References
| URL | Source |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products | cve-coordination@incibe.es |
This website uses the NVD API, but is not approved or certified by it.