CVE-2024-33994

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Aug 6, 2024
CWE ID 79

Summary

CVE-2024-33994 is a Cross-Site Scripting (XSS) vulnerability affecting the School Event Management System version 1.0. An attacker can exploit this issue by crafting a malicious URL and sending it to a victim. Upon clicking the link, the victim's browser could be manipulated to expose their session details through the 'view' parameter in '/event/index.php', potentially leading to unauthorized access to the system. This vulnerability poses a significant risk and should be addressed promptly by updating to a patched version of the software.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share