CVE-2024-13143

CVSS 2.0 Score 3.3 of 10 (low)

Details

Published Jan 6, 2025
CWE ID 94
CWE ID 79

Summary

CVE-2024-13143 is a newly disclosed vulnerability in ZeroWdd studentmanager 1.0. This issue, which has been rated as problematic, impacts the "submitAddPermission" function in the file "src/main/java/com/zero/system/controller/PermissionController.java". An attacker can exploit this cross-site scripting (XSS) vulnerability by manipulating the argument "url". The exploit can be initiated remotely, potentially allowing the attacker to inject malicious scripts into unsuspecting users' web browsers. Other parameters in the function may also be affected. It is recommended that users update to the latest version of ZeroWdd studentmanager to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share