Platform
other
Component
student-manage
Fixed in
1.0.1
CVE-2024-13902 describes a problematic cross-site scripting (XSS) vulnerability in huang-yk's student-manage software, affecting version 1.0. The flaw allows attackers to inject malicious scripts into the application's pages, potentially compromising user sessions and data. A fix is available in version 1.0.1, and the vulnerability details have been publicly disclosed.
The XSS vulnerability in student-manage lets an attacker inject arbitrary JavaScript that executes in a victim's browser within the application's origin. This can be used to steal cookies (unless they are marked HttpOnly), perform actions as the logged-in user, redirect users to malicious websites, or deface the application's interface. Successful exploitation could lead to unauthorized access to student data, modification of records, or account takeover. The impact is amplified if the application is used in a sensitive environment or handles personally identifiable information (PII).
CVE-2024-13902 has been publicly disclosed, which increases the likelihood of exploitation. There is no KEV listing; the EPSS score recorded on this page is 0.06% (19th percentile), a low predicted probability of exploitation in the wild. The public availability of the vulnerability details nevertheless makes it a candidate for automated scanning and exploitation attempts. The vulnerability was published on 2025-03-06.
Organizations and individuals running huang-yk student-manage version 1.0 are at risk. This includes educational institutions, student record management systems, and any application relying on this software component. Deployments in which untrusted users can reach the Edit a Student Information Page, and which have no compensating controls such as a WAF or a Content Security Policy, are the most exposed.
disclosure
Exploit status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-13902 is to upgrade to version 1.0.1 of student-manage, which contains the fix. If upgrading immediately is not feasible, implement input validation and context-appropriate output encoding for the 'Class' parameter on the Edit a Student Information Page so that user-supplied data is rendered as text rather than markup. A web application firewall (WAF) configured to detect and block XSS payloads can add a temporary layer of protection, but WAF rules are bypassable and are not a substitute for the fix. After upgrading, confirm the fix by submitting a simple probe payload (e.g. <script>alert(1)</script>) in the 'Class' field and verifying that the rendered page shows it HTML-encoded (as &lt;script&gt;) or rejects it, rather than executing it.
Upgrade to a patched version or apply the mitigations provided by the vendor. Validate and sanitize user input on the Edit a Student Information Page to prevent injection of malicious code. Implement a Content Security Policy (CSP) to restrict the sources from which the browser may load resources.
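The two mitigation paragraphs above describe output encoding of the 'Class' field, a post-upgrade probe, and a CSP as defence in depth. The following is an added example written for this page, not code from the student-manage project: it shows the string-concatenation pattern that produces this class of XSS beside a hardened rendering of the same page, an allow-list validator for class names, the probe check, and a baseline CSP header. The record layout, the field name `klass`, the validation pattern and the CSP values are assumptions for illustration.

```javascript
// Added example (not student-manage code): vulnerable vs. hardened rendering
// of the "Class" field on the Edit a Student Information Page.
// Field names, the validation pattern and the CSP values are assumptions.

// Constructed sample record: the Class value is the probe payload from the text.
const XSS_PROBE = '<script>alert(1)</script>';
const SAMPLE_STUDENT = { id: 7, name: 'Ada Lovelace', klass: XSS_PROBE };

// HTML entity encoding. Encoding all five characters makes one function safe
// for both element text and double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Input validation: an allow-list of what a class name may contain.
// The pattern is an assumed policy for this example, not the project's.
const CLASS_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$/;
function isValidClassName(value) {
  return CLASS_NAME_RE.test(String(value));
}

// Vulnerable: the stored Class value is interpolated raw into a text node and
// an attribute value, so a stored payload executes whenever the page loads.
function renderEditPageVulnerable(student) {
  return [
    '<h2>Edit a Student Information Page</h2>',
    `<p>Current class: ${student.klass}</p>`,
    `<input type="text" name="Class" value="${student.klass}">`,
  ].join('\n');
}

// Hardened: every untrusted value passes through escapeHtml() at output time.
// Validation rejects bad input on write; encoding protects output regardless
// of what already sits in the database.
function renderEditPageHardened(student) {
  const klass = escapeHtml(student.klass);
  return [
    '<h2>Edit a Student Information Page</h2>',
    `<p>Current class: ${klass}</p>`,
    `<input type="text" name="Class" value="${klass}">`,
  ].join('\n');
}

// Post-upgrade check: the probe must not appear unencoded, and no <script>
// element may be present in the rendered HTML at all.
function isReflectedUnencoded(html, probe = XSS_PROBE) {
  return html.includes(probe) || /<script[\s>]/i.test(html);
}

// Defence in depth: a CSP that forbids inline scripts, so an injected
// <script> block would not run even if encoding were missed somewhere.
function contentSecurityPolicyHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; " +
         "base-uri 'self'; frame-ancestors 'none'";
}

// Stand-alone demonstration.
const vulnerableHtml = renderEditPageVulnerable(SAMPLE_STUDENT);
const hardenedHtml = renderEditPageHardened(SAMPLE_STUDENT);
console.log('vulnerable page reflects probe:', isReflectedUnencoded(vulnerableHtml));
console.log('hardened page reflects probe:  ', isReflectedUnencoded(hardenedHtml));
console.log('probe passes class validation: ', isValidClassName(XSS_PROBE));
console.log('Content-Security-Policy:', contentSecurityPolicyHeader());
```

Run with `node` and compare the two outputs: the vulnerable rendering contains the live `<script>` element, the hardened one shows `&lt;script&gt;alert(1)&lt;/script&gt;` in both the paragraph and the input's value. The same `isReflectedUnencoded` check, pointed at the HTML returned by the real edit page after the 1.0.1 upgrade, is the verification step the mitigation text describes.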
CVE-2024-13902 is a cross-site scripting (XSS) vulnerability affecting version 1.0 of huang-yk student-manage, allowing attackers to inject malicious scripts. It has a LOW severity rating.
You are affected if you are using huang-yk student-manage version 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1 of student-manage. As a temporary workaround, implement input validation and output encoding on the 'Class' parameter.
While no active exploitation has been confirmed, the public disclosure of the vulnerability increases the risk of exploitation. Monitor your systems for suspicious activity.
Refer to the huang-yk project's official repository or website for the latest advisory and release notes regarding CVE-2024-13902.