Security Advisory

CVE-2024-4823

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-13 11:27:26

Last updated 2024-08-01 20:55:10

Assigner INCIBE

State PUBLISHED

Description

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index /schoolerp/office_admin/ in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.

← Browse all CVEs View on cve.org ↗