CVE-2024-6374

EPSS 0.35%
Veröffentlicht 27.06.2024 14:15:17
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

lahirudanushka School Management System Subject Page subject.php cross site scripting

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269807.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerlahirudanushka

≫

Produkt school_management_system

Default Statusunknown

Version 1.0.1

Status affected

Herstellerlahirudanushka

≫

Produkt school_management_system

Default Statusunknown

Version 1.0.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.262

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://secretive-agate-23c.notion.site/School-Management-System-PHP-MySQL-stored-1-0-1-Stored-XSS-41c9f85f307441c5885fb0df3d3fcc08

https://secretive-agate-23c.notion.site/School-Management-System-PHP-MySQL-stored-1-0-1-XSS-50088f0ed9e94efda9c57772ce192980

https://vuldb.com/?ctiid.269807

https://vuldb.com/?id.269807

https://vuldb.com/?submit.364874

https://nvd.nist.gov/vuln/detail/CVE-2024-6374

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6374

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6374

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6374