Platform: other
Component: student-manage
Fixed in: 1.0.1
CVE-2024-13902 describes a cross-site scripting (XSS) vulnerability in huang-yk's student-manage software, affecting versions 1.0 through 1.0. The flaw lets an attacker inject script into the application, potentially compromising user sessions and data. A fix is available in version 1.0.1, and the vulnerability details have been publicly disclosed.
The XSS vulnerability in student-manage allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user cookies, redirect users to malicious websites, or deface the application's interface. Successful exploitation could lead to unauthorized access to student data, modification of records, or even complete account takeover. The impact is amplified if the application is used in a sensitive environment or handles personally identifiable information (PII).
CVE-2024-13902 has been publicly disclosed, increasing the likelihood of exploitation. No specific KEV listing or EPSS score is currently available. The public availability of the vulnerability details makes it a potential target for automated scanning and exploitation attempts. The vulnerability was published on 2025-03-06.
Exploit Status
EPSS: 0.06% (19th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-13902 is to upgrade to version 1.0.1 of student-manage, which contains the fix. If upgrading immediately is not feasible, implement input validation and output encoding on the 'Class' parameter of the Edit a Student Information Page so that user-supplied data is sanitized before it is rendered. A web application firewall (WAF) configured to detect and block XSS payloads can provide a temporary additional layer of protection. After upgrading, confirm the fix by submitting a simple XSS probe (e.g., <script>alert(1)</script>) in the 'Class' field and verifying that it is properly encoded or blocked rather than rendered as markup.
Update to a patched version or apply the mitigations provided by the vendor. Validate and sanitize user inputs on the student information editing page to prevent the injection of malicious code. Implement a content security policy (CSP) to restrict the sources from which the browser can load resources.
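The two interim controls named above, validation of the 'Class' input and encoding of that value when it is written into the page, together with the post-upgrade probe, are shown here as an added Python example. This is not code from the student-manage project (whose implementation language and templates are not described on this page); the allowlist pattern, the row template and the CSP value are assumptions chosen to illustrate the controls, and the probe string is the one the advisory suggests.

```python
import html
import re

# The simple probe the advisory suggests for post-upgrade verification (constructed sample input).
SAMPLE_PAYLOAD = "<script>alert(1)</script>"

# Assumed allowlist for a class designation such as "CS-101" or "Grade 10B":
# a short run of letters, digits, spaces, underscores and hyphens, nothing that can open markup.
CLASS_PATTERN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 _\-]{0,31}$")


def validate_class(value: str) -> bool:
    """Input validation: accept only values matching the allowlist; reject everything else."""
    return CLASS_PATTERN.fullmatch(value) is not None


def encode_for_html(value: str) -> str:
    """Output encoding for an HTML element body or a double-quoted attribute value.

    html.escape with quote=True turns & < > " ' into entity references, so the
    value can no longer terminate the attribute or introduce a new element.
    """
    return html.escape(value, quote=True)


def render_student_row(name: str, class_name: str) -> str:
    """Hypothetical fragment of the edit page; every dynamic value is encoded at output time."""
    return (
        "<tr><td>{n}</td>"
        '<td><input name="Class" value="{c}"></td></tr>'
    ).format(n=encode_for_html(name), c=encode_for_html(class_name))


def build_csp_header() -> str:
    """Assumed Content-Security-Policy value: scripts only from the application's own origin."""
    return (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "base-uri 'self'; frame-ancestors 'none'"
    )


def reflects_raw_payload(rendered: str, payload: str) -> bool:
    """Verification check: True if the probe reaches the page unencoded (i.e. the fix is absent)."""
    return payload in rendered


if __name__ == "__main__":
    # Stage 1: validation rejects the probe before it is stored.
    print("validate probe:", validate_class(SAMPLE_PAYLOAD))   # False
    print("validate CS-101:", validate_class("CS-101"))         # True
    # Stage 2: even if a bad value were stored, encoding neutralises it on output.
    row = render_student_row("Alice", SAMPLE_PAYLOAD)
    print(row)
    print("raw probe present:", reflects_raw_payload(row, SAMPLE_PAYLOAD))  # False
    print("Content-Security-Policy:", build_csp_header())
```

Validation and encoding are deliberately separate layers: the allowlist stops unexpected input at the edge, and the encoder makes the rendered page safe regardless of what is already in the database. The `reflects_raw_payload` check is the automated form of the manual confirmation step described above.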
CVE-2024-13902 is a cross-site scripting (XSS) vulnerability affecting versions 1.0–1.0 of huang-yk student-manage, allowing attackers to inject malicious scripts. It has a LOW severity rating.
You are affected if you are using huang-yk student-manage versions 1.0 through 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1 of student-manage. As a temporary workaround, implement input validation and output encoding on the 'Class' parameter.
While no active exploitation has been confirmed, the public disclosure of the vulnerability increases the risk of exploitation. Monitor your systems for suspicious activity.
Refer to the huang-yk project's official repository or website for the latest advisory and release notes regarding CVE-2024-13902.