A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the argument Username_Baru/Password leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00063}

epss

{'score': 0.00066}


Wed, 06 Nov 2024 23:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:romadebrian:web-sekolah:1.0:*:*:*:*:*:*:*

Tue, 05 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Romadebrian
Romadebrian web-sekolah
CPEs cpe:2.3:a:romadebrian:web-sekolah:*:*:*:*:*:*:*:*
Vendors & Products Romadebrian
Romadebrian web-sekolah
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 05 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the argument Username_Baru/Password leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title romadebrian WEB-Sekolah Backend Proses_Edit_Akun.php cross site scripting
Weaknesses CWE-707
CWE-74
CWE-79
References
Metrics cvssV2_0

{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N'}

cvssV3_0

{'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2024-11-05T16:23:05.167Z

Reserved: 2024-11-05T07:34:07.913Z

Link: CVE-2024-10842

cve-icon Vulnrichment

Updated: 2024-11-05T16:22:59.866Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-05T14:15:14.543

Modified: 2024-11-06T22:43:19.327

Link: CVE-2024-10842

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.