Lucene search
CVE-2024-4823
Vulnerability in School ERP Pro+Responsive 1.0 allows XSS via '/schoolerp/office_admin/' parameters. Attacker can hijack authenticated user's browser session
Show more
| Reporter | Title | Published | Views | Family All 3 |
|---|---|---|---|---|
 | CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION | 13 May 202411:27 | – | vulnrichment |
 | CVE-2024-4823 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION | 13 May 202411:27 | – | cvelist |
 | CVE-2024-4823 | 14 May 202415:45 | – | nvd |
Node
[
{
"defaultStatus": "unaffected",
"product": "School ERP Pro+Responsive",
"vendor": "AROX SOLUTION",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| es_bankacc | query param | /schoolerp/office_admin/ | XSS vulnerability allows attackers to inject JavaScript payloads via parameters. | CWE-79 |
| es_bank_name | query param | /schoolerp/office_admin/ | XSS vulnerability allows attackers to inject JavaScript payloads via parameters. | CWE-79 |
| es_bank_pin | query param | /schoolerp/office_admin/ | XSS vulnerability allows attackers to inject JavaScript payloads via parameters. | CWE-79 |
| es_checkno | query param | /schoolerp/office_admin/ | XSS vulnerability allows attackers to inject JavaScript payloads via parameters. | CWE-79 |
| es_teller_number | query param | /schoolerp/office_admin/ | XSS vulnerability allows attackers to inject JavaScript payloads via parameters. | CWE-79 |
| dc1 | query param | /schoolerp/office_admin/ | XSS vulnerability allows attackers to inject JavaScript payloads via parameters. | CWE-79 |
| dc2 | query param | /schoolerp/office_admin/ | XSS vulnerability allows attackers to inject JavaScript payloads via parameters. | CWE-79 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo14 May 2024 15:45Current
5.4Medium risk
Vulners AI Score5.4
CVSS36.5
EPSS0.00043
SSVC