CVE-2024-4678

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published May 14, 2024

Updated: Jun 4, 2024

CWE ID 79

Summary

CVE-2024-4678 is a newly disclosed vulnerability affecting the Campcodes Complete Web-Based School Management System version 1.0. This issue lies in an unidentified functionality of the file "/view/find_friends.php." An attacker can manipulate the argument "my_type" to execute cross-site scripting (XSS) attacks remotely. The exploit for this vulnerability has been made public, increasing the risk of exploitation. The associated identifier for this issue is VDB-263599.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v1mS0V
https://www.cve.org/CVERecord?id=CVE-2024-4678
https://nvd.nist.gov/vuln/detail/CVE-2024-4678

Back to Vulnerability Database

CVE-2024-4678

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations