CVE-2024-4513 LOW

CVE-2024-4513: Campcodes Complete Web-Based School Management System timetable_update_form.php cross site scripting

Vendor Campcodes

Product Complete Web-Based School Management System

Weakness CWE-79 · XSS

Published May 6, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/timetable_update_form.php. The manipulation of the argument grade leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263117 was assigned to this vulnerability.

Key dates

02Disclosure timeline

May 6, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-4513

Related vulnerabilities

04Related CVE

CVE-2023-32793 WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) CVE-2022-30681 AEM Reflected XSS Arbitrary code execution CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name CVE-2024-13262 View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026 CVE-2025-0826 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x