CVE-2024-4721 MEDIUM

CVE-2024-4721: Campcodes Complete Web-Based School Management System add_student_subject.php cross site scripting

Vendor Campcodes
Product Complete Web-Based School Management System
Weakness CWE-79 · XSS
Published May 10, 2024
Last update August 1, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /model/add_student_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263799.

Key dates

02Disclosure timeline

May 10, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-1412 Memberpress <= 1.11.24 - Reflected Cross-Site Scripting via message and error CVE-2024-53272 GHSL-2024-109: Reflected XSS in /login in habitica CVE-2024-52454 WordPress GoQMieruca plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability CVE-2024-13377 GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter CVE-2023-35155 XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email