Platform: java
Component: manager-system
Fixed in: 1.0.1
CVE-2024-13142 is a cross-site scripting (XSS) vulnerability identified in ZeroWdd studentmanager versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially stealing user data or performing unauthorized actions. A fix is available in version 1.0.1, and users are strongly advised to upgrade immediately.
The XSS vulnerability in ZeroWdd studentmanager arises from improper input validation within the submitAddRole function. An attacker can craft a malicious request that includes a specially crafted name parameter. When this request is processed, the application fails to sanitize the input, allowing the attacker's script to be executed in the context of another user's browser. This could lead to session hijacking, defacement of the application, or redirection to phishing sites. The potential impact is significant, as successful exploitation could compromise sensitive user information and application integrity.
CVE-2024-13142 was publicly disclosed on 2025-01-05. There is no indication of active exploitation campaigns at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The CVSS score of 2.4 indicates a low severity rating.
Organizations and individuals using ZeroWdd studentmanager version 1.0 are at risk. This includes educational institutions, student portals, and any application relying on this specific component. Web applications with similar input handling logic are also potentially vulnerable to similar XSS attacks.
• java / server:
  grep -r "submitAddRole" /path/to/studentmanager/src/
• generic web:
  • Check for unusual JavaScript execution in the application's source code.
  • Monitor access logs for requests with suspicious characters in URL parameters.
  • Review response headers for unexpected script tags.
Disclosure:
Exploit status:
EPSS: 0.10% (28th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2024-13142 is to upgrade ZeroWdd studentmanager to version 1.0.1 or later, which includes the necessary input validation fixes. If immediate upgrading is not possible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing suspicious characters in the name parameter. Additionally, carefully review and sanitize all user-supplied input within the submitAddRole function to prevent future XSS vulnerabilities. After upgrading, confirm the fix by attempting to submit a request with a known malicious payload and verifying that it is properly sanitized.
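The hardening described above (reject unexpected characters in the role name, then HTML-encode anything reflected back into a page), as an added illustration in plain Java; this is not the studentmanager project's code, and the class, method names and the allow-list pattern are assumptions:

```java
import java.util.regex.Pattern;

/**
 * Hypothetical hardening for a role-creation handler such as submitAddRole:
 * validate the name parameter against an allow-list, then HTML-encode it
 * before it is written into any HTML text context.
 */
public class RoleNameHardening {

    // Assumed policy: letters, digits, space, underscore and hyphen, 1-64 chars.
    private static final Pattern ROLE_NAME =
            Pattern.compile("^[\\p{L}\\p{N} _-]{1,64}$");

    /** Rejects names containing characters a role name never needs. */
    public static boolean isValidRoleName(String name) {
        return name != null && ROLE_NAME.matcher(name).matches();
    }

    /** Encodes the five characters that are significant in HTML text. */
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Stand-in for the rendering step: validate first, encode on output. */
    public static String renderRoleCell(String name) {
        if (!isValidRoleName(name)) {
            throw new IllegalArgumentException("invalid role name");
        }
        return "<td>" + escapeHtml(name) + "</td>";
    }

    public static void main(String[] args) {
        // Constructed inputs: a benign role name and one carrying markup.
        System.out.println(renderRoleCell("teaching-assistant"));
        System.out.println(escapeHtml("<b>admin</b>"));   // &lt;b&gt;admin&lt;/b&gt;
        try {
            renderRoleCell("<b>admin</b>");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allow-list stops the reflected-markup case at the input boundary, while the encoder protects every other place the value is rendered; a Content-Security-Policy header, as the advisory recommends, adds a further layer if either is bypassed.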
Update to a patched version of studentmanager that fixes the Cross-Site Scripting (XSS) vulnerability. Verify and sanitize all user input, especially the 'name' field in the submitAddRole function, to prevent injection of malicious code. Implement a Content Security Policy (CSP) to mitigate XSS risks.
CVE-2024-13142 is a cross-site scripting (XSS) vulnerability affecting ZeroWdd studentmanager versions 1.0-1.0, allowing attackers to inject malicious scripts.
Yes, if you are using ZeroWdd studentmanager version 1.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade to version 1.0.1 or later. As a temporary measure, implement a WAF rule to filter suspicious requests.
There is currently no evidence of active exploitation, but it's crucial to apply the fix to prevent potential attacks.
Refer to the ZeroWdd project's official website or repository for the latest security advisories and updates.