CVE-2024-33983

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 79

Summary

CVE-2024-33983 is a Cross-Site Scripting (XSS) vulnerability discovered in the School Attendance Monitoring System and School Event Management System, versions 1.0. This issue allows an attacker to craft a malicious URL and send it to a victim. If the victim clicks on the URL, the attacker can steal their session cookie information through the 'AttendanceMonitoring/report/attendance_print.php' page, using the parameters 'Attendance', 'attenddate', and 'YearLevel'. This vulnerability poses a significant risk, as session cookies are often used for authentication and authorization, potentially granting unauthorized access to sensitive data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share