Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'.
Metrics
Affected Vendors & Products
References
History
Thu, 15 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Janobe
Janobe school Attendence Monitoring System Janobe school Event Management System |
|
CPEs | cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:* cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Janobe
Janobe school Attendence Monitoring System Janobe school Event Management System |
Thu, 08 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2024-08-06T13:04:16.980Z
Updated: 2024-08-08T15:47:25.790Z
Reserved: 2024-04-29T12:38:37.776Z
Link: CVE-2024-33988
Vulnrichment
Updated: 2024-08-08T15:47:19.226Z
NVD
Status : Analyzed
Published: 2024-08-06T13:15:54.547
Modified: 2024-08-15T16:56:51.767
Link: CVE-2024-33988
Redhat
No data.