Vulnerability Details CVE-2024-28277
In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.0%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/unrealjbr/CVE-2024-28277
- https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code
- https://github.com/unrealjbr/CVE-2024-28277
- https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code
Products affected by CVE-2024-28277
-
cpe:2.3:a:remyandrade:school_task_manager:1.0