CVE-2024-33987

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Aug 15, 2024

CWE ID 79

Summary

CVE-2024-33987 is a Cross-Site Scripting (XSS) vulnerability affecting the School Attendance Monitoring System and School Event Management System, versions 1.0. This issue allows an attacker to craft a malicious URL and send it to a victim, potentially stealing their session cookie through the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', and 'Users' parameters in '/report/index.php'. An attacker could use this vulnerability to gain unauthorized access to the victim's account or perform other malicious actions. Users are advised to update their systems as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vrGmna
https://www.cve.org/CVERecord?id=CVE-2024-33987
https://nvd.nist.gov/vuln/detail/CVE-2024-33987

Back to Vulnerability Database

CVE-2024-33987

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations