CVE-2024-4524 LOW

CVE-2024-4524: Campcodes Complete Web-Based School Management System student_payment_invoice.php cross site scripting

Vendor Campcodes
Product Complete Web-Based School Management System
Weakness CWE-79 · XSS
Published May 6, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263127.

Key dates

02Disclosure timeline

May 6, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-1456 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities CVE-2025-3899 CVE-2024-0726 Project Worlds Student Project Allocation System Admin Login Module admin_login.php cross site scripting CVE-2024-3161 Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget CVE-2025-10558 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x