CVERadar

CVE-2024-4682

Medium Severity

Campcodes

SVRS

30/100

CVSSv3

6.1/10

EPSS

0.00197/1

CVE-2024-4682: Cross-site scripting vulnerability in Campcodes Complete Web-Based School Management System 1.0. A cross-site scripting (XSS) vulnerability exists in the /view/exam_timetable_update_form.php file of Campcodes Complete Web-Based School Management System 1.0, allowing remote attackers to inject arbitrary web scripts or HTML via the 'exam' argument. The attack can be launched remotely, and exploit details are publicly available. Given the low SOCRadar Vulnerability Risk Score (SVRS) of 30, this is not considered a critical vulnerability requiring immediate action, but should still be addressed. This vulnerability could allow an attacker to execute malicious scripts in the browsers of users who visit an affected web page within the School Management System. Successful exploitation could lead to session hijacking, defacement, or redirection to malicious websites, impacting user data and system integrity. While the CVSS score is moderate (6.1), the relatively low SVRS indicates a lower real-world risk profile.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-4682 | Campcodes Complete Web-Based School Management System 1.0 exam_timetable_update_form.php exam cross site scripting

vuldb.com2025-02-20

CVE-2024-4682 | Campcodes Complete Web-Based School Management System 1.0 exam_timetable_update_form.php exam cross site scripting | A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/exam_timetable_update_form.php. The manipulation of the argument exam leads to cross site scripting. This vulnerability is known as <a href="https://vuldb.com/?source_cve.263623

vuldb.com

rss

forum

news

Vulnerability Summary for the Week of May 13, 2024

CISA2024-05-20

; The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-05-14 <a href="https://nvd.nist.gov/cvss.cfm?version=2&name=CVE-2024-4567&vector=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" target="_blank" title

cve-2023-52695

cve-2024-4231

cve-2024-4968

cve-2024-4666

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type	Vendor	Product
App	Campcodes	complete_web-based_school_management_system

References

Reference	Link
[email protected]	https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf
[email protected]	https://vuldb.com/?ctiid.263623
[email protected]	https://vuldb.com/?id.263623
[email protected]	https://vuldb.com/?submit.331772
AF854A3A-2127-422B-91AE-364DA2661108	https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf
AF854A3A-2127-422B-91AE-364DA2661108	https://vuldb.com/?ctiid.263623
AF854A3A-2127-422B-91AE-364DA2661108	https://vuldb.com/?id.263623
AF854A3A-2127-422B-91AE-364DA2661108	https://vuldb.com/?submit.331772
[email protected]	https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20xss/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2029.pdf
[email protected]	https://vuldb.com/?ctiid.263623
[email protected]	https://vuldb.com/?id.263623
[email protected]	https://vuldb.com/?submit.331772

CWE Details

CWE ID	CWE Name	Description
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence