CVE-2024-33982

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 79

Summary

CVE-2024-33982 is a Cross-Site Scripting (XSS) vulnerability identified in the School Attendance Monitoring System and School Event Management System, impacting version 1.0. An attacker can exploit this issue by creating a malicious URL and sending it to a victim. When the victim clicks the URL, the attacker may gain unauthorized access to the victim's session cookie through the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'. This vulnerability poses a serious risk as it allows attackers to steal sensitive information, potentially leading to identity theft or unauthorized system access. Users are advised to upgrade to the latest system version or implement appropriate security measures to mitigate this threat.
