History: May 13, 2024 - 11:26 a.m.

CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

2024-05-13 11:26:27
CWE-79
INCIBE
www.cve.org
cve-2024-4822
cross-site scripting
school erp pro+responsive
arox solution
vulnerability
browser session control

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS: 0
Percentile: 9.0%

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in ‘/index.php’. This vulnerability allows an attacker to partially take control of the victim’s browser session.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "School ERP Pro+Responsive",
    "vendor": "AROX SOLUTION",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

