CVE Details
Basic Information
| Title | Campcodes Complete Web-Based School Management System timetable_insert_form.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2024-05-06T02:00:04.978Z |
| Modified | 2024-08-01T20:40:47.430Z |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Complete Web-Based School Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 3.5 (LOW) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability was discovered in the timetable form of Campcodes Complete Web-Based School Management System. This allows remote attackers to inject malicious scripts via the ‘grade’ argument. The vulnerability is considered low severity but could still pose risks if exploited. |
|---|---|
| AI Severity | Low |
| AI Vendor | Campcodes |
| AI Product | Complete Web-Based School Management System |
| AI Version | 1.0 |
Affected Products
- Campcodes Complete Web-Based School Management System 1.0
Additional Information
| CWE List | CWE-79 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263118 is the identifier assigned to this vulnerability.