CVE-2024-41239

A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lopalopa:responsive_school_management_system:3.2.0:*:*:*:*:*:*:*

History

08 Aug 2024, 19:04

Type Values Removed Values Added
CPE cpe:2.3:a:lopalopa:responsive_school_management_system:3.2.0:*:*:*:*:*:*:*
References () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Stored%20XSS.pdf - () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Stored%20XSS.pdf - Exploit, Third Party Advisory
References () https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code - () https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code - Product
First Time Lopalopa
Lopalopa responsive School Management System
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 4.8

08 Aug 2024, 16:15

Type Values Removed Values Added
Summary (en) A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Kashipara Responsive School Management System v1.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. (en) A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field.

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad de Cross Site Scripting (XSS) Almacenado en "/smsa/add_class_submit.php" en Kashipara Responsive School Management System v1.0, que permite a atacantes remotos ejecutar código arbitrario a través del campo de parámetro "class_name".

07 Aug 2024, 19:35

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9

07 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-07 19:15

Updated : 2024-08-08 19:04


NVD link : CVE-2024-41239

Mitre link : CVE-2024-41239

CVE.ORG link : CVE-2024-41239


JSON object : View

Products Affected

lopalopa

  • responsive_school_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')