CVE-2024-33986

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Aug 15, 2024

CWE ID 79

Summary

CVE-2024-33986 is a Cross-Site Scripting (XSS) vulnerability affecting versions 1.0 of the School Attendance Monitoring System and School Event Management System. This issue allows an attacker to create a malicious URL and send it to a victim, potentially gaining access to their session cookie through the 'View' parameter in the '/department/index.php' file. Successful exploitation of this vulnerability could lead to unauthorized access to sensitive data or account takeover. Users are advised to update to the latest version of the software or implement XSS protection measures to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vrGmnY
https://www.cve.org/CVERecord?id=CVE-2024-33986
https://nvd.nist.gov/vuln/detail/CVE-2024-33986

Back to Vulnerability Database

CVE-2024-33986

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations