A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 13 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Lopalopa
Lopalopa responsive School Management System
CPEs cpe:2.3:a:lopalopa:responsive_school_management_system:3.2.0:*:*:*:*:*:*:*
Vendors & Products Lopalopa
Lopalopa responsive School Management System

Wed, 07 Aug 2024 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Kashipara
Kashipara responsive School Management System
Weaknesses CWE-79
CPEs cpe:2.3:a:kashipara:responsive_school_management_system:3.2.0:*:*:*:*:*:*:*
Vendors & Products Kashipara
Kashipara responsive School Management System
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 07 Aug 2024 18:00:00 +0000

Type Values Removed Values Added
Description A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error" parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-13T14:18:18.666Z

Reserved: 2024-07-18T00:00:00

Link: CVE-2024-41240

cve-icon Vulnrichment

Updated: 2024-08-07T20:22:25.400Z

cve-icon NVD

Status : Modified

Published: 2024-08-07T18:15:37.627

Modified: 2024-08-13T15:35:13.190

Link: CVE-2024-41240

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.