CVE-2023-38827
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-38827 is a Cross-Site Scripting (XSS) vulnerability affecting Follet School Solutions Destiny version 20 and later (au4 and above). An attacker can exploit this flaw in the presentonesearchresultsform.do file to inject and execute malicious scripts in a user's web browser. Successful exploitation allows the attacker to steal sensitive information, perform unauthorized actions, and potentially gain control of the affected user's account. This vulnerability poses a significant risk, as it can be used to launch attacks on both students and staff within an educational institution. It is essential that organizations using Follet School Solutions Destiny apply the necessary patches as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Follett Learning