CVE-2024-1265

A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008.
Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:university_management_system:1.0:*:*:*:*:*:*:*

History

14 Feb 2024, 18:18

Type Values Removed Values Added
CPE cpe:2.3:a:codeastro:university_management_system:1.0:*:*:*:*:*:*:*
First Time Codeastro
Codeastro university Management System
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
References () https://drive.google.com/file/d/1AnzEcwDC0AP56i65zCqekFAeYQY6skBH/view?usp=sharing - () https://drive.google.com/file/d/1AnzEcwDC0AP56i65zCqekFAeYQY6skBH/view?usp=sharing - Exploit
References () https://vuldb.com/?ctiid.253008 - () https://vuldb.com/?ctiid.253008 - Permissions Required
References () https://vuldb.com/?id.253008 - () https://vuldb.com/?id.253008 - Permissions Required

07 Feb 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 00:15

Updated : 2024-05-17 02:35


NVD link : CVE-2024-1265

Mitre link : CVE-2024-1265

CVE.ORG link : CVE-2024-1265


JSON object : View

Products Affected

codeastro

  • university_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')