Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'.
Metrics
Affected Vendors & Products
References
History
Thu, 15 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Janobe
Janobe school Attendence Monitoring System Janobe school Event Management System |
|
CPEs | cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:* cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Janobe
Janobe school Attendence Monitoring System Janobe school Event Management System |
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2024-08-06T13:02:03.154Z
Updated: 2024-08-06T13:17:50.865Z
Reserved: 2024-04-29T12:38:37.775Z
Link: CVE-2024-33984
Vulnrichment
Updated: 2024-08-06T13:17:45.642Z
NVD
Status : Analyzed
Published: 2024-08-06T13:15:53.693
Modified: 2024-08-15T16:56:33.433
Link: CVE-2024-33984
Redhat
No data.