Description
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do.
Published: 2026-05-28
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Follet School Solutions Destiny contains a reflected cross‑site scripting flaw that is triggered by the site parameter of the handleloginform.do endpoint. A remote attacker can supply a malicious payload in that parameter, causing the victim’s browser to execute arbitrary JavaScript. This can lead to session hijacking, data theft, or defacement of the interface, compromising data confidentiality and integrity for users who interact with the affected page.

Affected Systems

The vulnerability affects Follet School Solutions Destiny versions prior to 22.0.1 AU1. Users running any earlier build should verify that they are on a later release or have applied a vendor‑issued fix.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate severity and the EPSS score is not available, but the vulnerability is publicly reachable via a web endpoint that does not require authentication. It is listed outside the CISA KEV catalog, suggesting no confirmed widespread exploitation yet. Nonetheless, the ability to execute arbitrary client‑side code poses significant risk to all users of the affected system.

Generated by OpenCVE AI on May 28, 2026 at 09:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that upgrades Follet School Solutions Destiny to version 22.0.1 AU1 or later.
  • If a patch is not immediately available, sanitize the site parameter on handleloginform.do to remove or neutralize script tags before processing.
  • Configure a web application firewall or similar filtering mechanism to block malicious input patterns targeting the site parameter until the patch is deployed.

Generated by OpenCVE AI on May 28, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Follet School Solutions
Follet School Solutions destiny
Vendors & Products Follet School Solutions
Follet School Solutions destiny

Thu, 28 May 2026 08:45:00 +0000

Type Values Removed Values Added
Description Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do.
Title Reflected Cross-Site Scripting in Follet School Solutions Destiny
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Follet School Solutions Destiny
cve-icon MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-28T12:09:00.450Z

Reserved: 2024-09-18T15:52:22.556Z

Link: CVE-2024-47097

cve-icon Vulnrichment

Updated: 2026-05-28T12:08:56.469Z

cve-icon NVD

Status : Deferred

Published: 2026-05-28T09:16:30.013

Modified: 2026-05-28T18:56:36.823

Link: CVE-2024-47097

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T09:30:06Z

Weaknesses