CVE-2024-3532

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Apr 10, 2024
Updated: May 17, 2024
CWE ID 22

Summary

CVE-2024-3532 is a newly discovered vulnerability affecting the Campcodes Complete Online Student Management System version 1.0. The issue lies within an unknown function of the attendance_view.php file, which can be exploited through manipulation of the argument "FirstRecord." This vulnerability results in cross-site scripting, allowing an attacker to inject malicious code and potentially take control of user sessions. The attack can be executed remotely, increasing the risk for widespread exploitation. The vulnerability has been made public, increasing the urgency for affected organizations to apply patches or mitigations. (VDB-259902)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share