CVE-2024-9807

A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.8.8 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional.
Configurations

Configuration 1 (hide)

cpe:2.3:a:classroombookings:classroombookings:2.8.7:*:*:*:*:*:*:*

History

17 Oct 2024, 14:44

Type Values Removed Values Added
CVSS v2 : 3.3
v3 : 2.4
v2 : 3.3
v3 : 4.8
References () https://github.com/JunMing27/CVE/blob/main/CVE%20-%20classroombookings%20Cross%20Site%20Scripting%20(XSS)%20at%20create%20and%20edit%20session%20page%20via%20Administrator%20Dashboard.md - () https://github.com/JunMing27/CVE/blob/main/CVE%20-%20classroombookings%20Cross%20Site%20Scripting%20(XSS)%20at%20create%20and%20edit%20session%20page%20via%20Administrator%20Dashboard.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.279959 - () https://vuldb.com/?ctiid.279959 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.279959 - () https://vuldb.com/?id.279959 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.419262 - () https://vuldb.com/?submit.419262 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:classroombookings:classroombookings:2.8.7:*:*:*:*:*:*:*
First Time Classroombookings classroombookings
Classroombookings

15 Oct 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Craig Rodway Classroombookings 2.8.7 y se clasificó como problemática. Este problema afecta a algunos procesos desconocidos del archivo /sesiones del componente Session Page. La manipulación del argumento Name provoca cross site scripting. El ataque puede iniciarse de forma remota. La actualización a la versión 2.8.8 puede solucionar este problema. Se recomienda actualizar el componente afectado. Se contactó al responsable del proyecto con anticipación sobre la divulgación. Respondió muy rápido, de manera amable y profesional.

10 Oct 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-10 19:15

Updated : 2024-10-17 14:44


NVD link : CVE-2024-9807

Mitre link : CVE-2024-9807

CVE.ORG link : CVE-2024-9807


JSON object : View

Products Affected

classroombookings

  • classroombookings
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')