{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-4525", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263128." }, { "lang": "deu", "value": "In Campcodes Complete Web-Based School Management System 1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /view/student_payment_details4.php. Durch Manipulieren des Arguments index mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross Site Scripting", "cweId": "CWE-79" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Campcodes", "product": { "product_data": [ { "product_name": "Complete Web-Based School Management System", "version": { "version_data": [ { "version_affected": "=", "version_value": "1.0" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://vuldb.com/?id.263128", "refsource": "MISC", "name": "https://vuldb.com/?id.263128" }, { "url": "https://vuldb.com/?ctiid.263128", "refsource": "MISC", "name": "https://vuldb.com/?ctiid.263128" }, { "url": "https://vuldb.com/?submit.329771", "refsource": "MISC", "name": "https://vuldb.com/?submit.329771" }, { "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf", "refsource": "MISC", "name": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2012.pdf" } ] }, "credits": [ { "lang": "en", "value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)" } ], "impact": { "cvss": [ { "version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW" }, { "version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW" }, { "version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] } }