CVE Published: 06/08/2024 |
CVE Updated: 08/08/2024 |
CVE Year: 2024 Source: INCIBE |
Vendor: Janobe |
Product: School Event Management System Status : PUBLISHED
CVE-2024-33993 Description
Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the \'view\' parameter in /candidate/index.php\'.
Metrics
CVSS Version: 3.1 |
Base Score: 7.1 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L