Platform
php
Component
cve_hub
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in Campcodes Simple Student Information System versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user data and session integrity. The vulnerability resides within the /admin/students/manageacademic.php file and is triggered by manipulating the studentid parameter. A patch is available in version 1.0.1.
Successful exploitation of CVE-2023-5930 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Simple Student Information System. This can lead to the theft of sensitive information, such as session cookies, login credentials, and personal data stored within the application. Attackers could also redirect users to malicious websites or deface the application's interface. The impact is amplified if the affected system is used to manage sensitive student records, as attackers could potentially modify or delete data.
This vulnerability has been publicly disclosed and a proof-of-concept may be available. While the CVSS score is LOW, the ease of exploitation and potential impact on sensitive student data warrant prompt attention. No active exploitation campaigns have been publicly reported as of the publication date, but the public disclosure increases the risk of opportunistic attacks. The vulnerability was reported to the vendor on an unknown date and publicly disclosed on 2023-11-02.
Exploit Status
EPSS
0.07% (22% percentile)
CVSS Vector
The primary mitigation for CVE-2023-5930 is to immediately upgrade to version 1.0.1 of the Simple Student Information System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the studentid parameter within the /admin/students/manageacademic.php file to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Regularly review and update the application's codebase to prevent future vulnerabilities.
Actualice a una versión parcheada del Simple Student Information System que solucione la vulnerabilidad XSS. Si no hay una versión disponible, revise y filtre las entradas del parámetro 'student_id' en el archivo manage_academic.php para evitar la inyección de código malicioso. Implemente validación y saneamiento de entradas en el código.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2023-5930 is a cross-site scripting (XSS) vulnerability affecting Simple Student Information System versions 1.0 through 1.0. It allows attackers to inject malicious scripts via the studentid parameter in /admin/students/manageacademic.php.
Yes, if you are running Simple Student Information System version 1.0, you are vulnerable to this XSS attack. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1. If immediate upgrade is not possible, implement input validation and output encoding on the student_id parameter.
While no active exploitation campaigns have been publicly reported, the vulnerability has been publicly disclosed, increasing the risk of opportunistic attacks.
Refer to the vendor's website or security advisories for the most up-to-date information regarding CVE-2023-5930 and available patches.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.