CVE-2024-5374 MEDIUM

CVE-2024-5374: Kashipara College Management System submit_new_faculty.php cross site scripting

Vendor Kashipara

Product College Management System

Weakness CWE-79 · XSS

Published May 26, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file submit_new_faculty.php. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266286 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

May 26, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5374 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2020-4061 Cross-site Scripting in OctoberPotential self-XSS when pasting content from malicious websites CVE-2025-31864 WordPress Beam me up Scotty – Back to Top Button plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability CVE-2024-38503 Apache Syncope: HTML tags can be injected into Console or Enduser text fields CVE-2024-11755 IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-25793 WordPress Link Juice Keeper Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)