CVE-2024-33990
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Aug 6, 2024
Updated: Aug 15, 2024
CWE ID 79
Summary
CVE-2024-33990 is a Cross-Site Scripting (XSS) vulnerability identified in the School Event Management System version 1.0. This issue allows an attacker to inject malicious JavaScript code into web pages viewed by authenticated users. By exploiting this vulnerability, an attacker can partially take over a user's browser session through the manipulation of the 'id' and 'view' parameters in the '/user/index.php' URL. This can lead to unauthorized access to sensitive information or unintended actions within the affected system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share