Platform: other
Component: student-manage
Fixed in: 1.0.1
CVE-2024-13902 describes a problematic cross-site scripting (XSS) vulnerability discovered in huang-yk's student-manage software, specifically affecting versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. A fix is available in version 1.0.1, and the vulnerability details have been publicly disclosed.
The XSS vulnerability in student-manage allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user cookies, redirect users to malicious websites, or deface the application's interface. Successful exploitation could lead to unauthorized access to student data, modification of records, or even complete account takeover. The impact is amplified if the application is used in a sensitive environment or handles personally identifiable information (PII).
CVE-2024-13902 has been publicly disclosed, increasing the likelihood of exploitation. No specific KEV listing or EPSS score is currently available. The public availability of the vulnerability details makes it a potential target for automated scanning and exploitation attempts. The vulnerability was published on 2025-03-06.
Organizations and individuals using huang-yk student-manage versions 1.0 through 1.0 are at risk. This includes educational institutions, student record management systems, and any application relying on this specific software component. Users who have not implemented robust input validation practices are particularly vulnerable.
disclosure
Exploit status
EPSS: 0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-13902 is to upgrade to version 1.0.1 of student-manage, which contains the necessary fix. If upgrading immediately is not feasible, consider implementing input validation and output encoding on the 'Class' parameter within the Edit a Student Information Page to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. After upgrade, confirm by attempting to inject a simple XSS payload (e.g., <script>alert(1)</script>) into the 'Class' field and verifying that it is properly sanitized or blocked.
Update to a patched version or apply the mitigations provided by the vendor. Validate and sanitize user input on the student information edit page to prevent malicious code injection. Apply a Content Security Policy (CSP) to restrict the sources from which the browser is allowed to load resources.
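The two interim controls described above for the 'Class' parameter, shown as an added example that is not code from the student-manage project: an allowlist check where the value is accepted, and HTML output encoding where the Edit a Student Information Page renders it, plus a check that mirrors the post-upgrade verification. The language, the record layout and the field names are assumptions.

```python
import html
import re

# Constructed sample record; the field names are assumptions, not the project's schema.
STUDENT = {"id": 7, "name": "Alice", "class": "CS-101"}

# Allowlist for the 'Class' field: letters, digits, spaces and a few separators only.
CLASS_PATTERN = re.compile(r"^[A-Za-z0-9 \-_/]{1,32}$")


def validate_class(value: str) -> bool:
    """Input validation: reject anything outside the expected shape of a class name."""
    return bool(CLASS_PATTERN.fullmatch(value))


def update_class(student: dict, submitted: str) -> bool:
    """Apply validation at the input boundary; return False and keep the old value if rejected."""
    if not validate_class(submitted):
        return False
    student["class"] = submitted
    return True


def render_edit_page_vulnerable(student: dict) -> str:
    """The unsafe pattern: user-supplied data interpolated into HTML without encoding."""
    return (f"<form><label>Class</label>"
            f"<input name='class' value='{student['class']}'></form>")


def render_edit_page_hardened(student: dict) -> str:
    """Output encoding: html.escape(quote=True) also encodes the quotes that close the attribute."""
    safe = html.escape(student["class"], quote=True)
    return (f"<form><label>Class</label>"
            f"<input name='class' value='{safe}'></form>")


def contains_unencoded_script(page: str) -> bool:
    """Verification helper: does a raw '<script' tag survive in the rendered page?"""
    return "<script" in page.lower()
```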
CVE-2024-13902 is a cross-site scripting (XSS) vulnerability affecting versions 1.0–1.0 of huang-yk student-manage, allowing attackers to inject malicious scripts. It has a LOW severity rating.
You are affected if you are using huang-yk student-manage versions 1.0 through 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1 of student-manage. As a temporary workaround, implement input validation and output encoding on the 'Class' parameter.
While no active exploitation has been confirmed, the public disclosure of the vulnerability increases the risk of exploitation. Monitor your systems for suspicious activity.
Refer to the huang-yk project's official repository or website for the latest advisory and release notes regarding CVE-2024-13902.