CVE-2024-33982

🗓️ 06 Aug 2024 13:00:56Reported by INCIBEType

cve🔗 web.nvd.nist.gov👁 25 Views🌐 WEB

Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System version 1.

Reporter	Title	Published	Views	Family All 7
CNNVD	School Attendance Monitoring System和School Event Management System 跨站脚本漏洞	6 Aug 202400:00	–	cnnvd
Cvelist	CVE-2024-33982 Cross-Site Scripting (XSS) vulnerability in Janobe products	6 Aug 202413:00	–	cvelist
EUVD	EUVD-2024-34562	3 Oct 202520:07	–	euvd
NVD	CVE-2024-33982	6 Aug 202413:15	–	nvd
OSV	CVE-2024-33982	6 Aug 202413:15	–	osv
Positive Technologies	PT-2024-25614 · Unknown · School Management System +1	6 Aug 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-33982 Cross-Site Scripting (XSS) vulnerability in Janobe products	6 Aug 202413:00	–	vulnrichment

NVD

Vulners

Node

janobe school_attendence_monitoring_systemMatch1.0

janobe school_event_management_systemMatch1.0

[
  {
    "defaultStatus": "unaffected",
    "product": "School Attendance Monitoring System",
    "vendor": "Janobe",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "School Event Management System",
    "vendor": "Janobe",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

Source	Link
incibe	www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products

Parameter	Position	Path	Description	CWE
StudentID	query param	/AttendanceMonitoring/student/controller.php	Cross-Site Scripting (XSS) via the StudentID query parameter in /AttendanceMonitoring/student/controller.php leading to potential exposure of session data.	CWE-79

15 Aug 2024 16:55Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.16.1 - 7.1

EPSS0.00094

SSVC

CWE-79