1.0.1
CVE-2024-13902 describes a cross-site scripting (XSS) vulnerability discovered in huang-yk's student-manage software, affecting versions 1.0 through 1.0. The flaw lets attackers inject malicious scripts into the application, potentially compromising user sessions and data. A fix is available in version 1.0.1, and the vulnerability details have been publicly disclosed.
The XSS vulnerability in student-manage allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user cookies, redirect users to malicious websites, or deface the application's interface. Successful exploitation could lead to unauthorized access to student data, modification of records, or even complete account takeover. The impact is amplified if the application is used in a sensitive environment or handles personally identifiable information (PII).
CVE-2024-13902 has been publicly disclosed, increasing the likelihood of exploitation. No specific KEV listing or EPSS score is currently available. The public availability of the vulnerability details makes it a potential target for automated scanning and exploitation attempts. The vulnerability was published on 2025-03-06.
Organizations and individuals using huang-yk student-manage versions 1.0 through 1.0 are at risk. This includes educational institutions, student record management systems, and any application relying on this specific software component. Users who have not implemented robust input validation practices are particularly vulnerable.
Exploitation status: disclosure
EPSS: 0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-13902 is to upgrade to student-manage version 1.0.1, which contains the fix. If upgrading immediately is not feasible, implement input validation and output encoding on the 'Class' parameter of the Edit a Student Information page to sanitize user-supplied data. A web application firewall (WAF) configured to detect and block XSS payloads can also provide a temporary layer of protection. After upgrading, confirm the fix by entering a simple XSS probe (e.g., <script>alert(1)</script>) into the 'Class' field and verifying that it is rendered inert or blocked.
Upgrade to the patched version or apply the vendor-provided mitigations. Validate and sanitize user input on the student information edit page to prevent malicious code injection. Implement a Content Security Policy (CSP) to restrict the origins from which the browser may load resources.
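The input-validation, output-encoding and CSP mitigations described above, as an added example that is not code from the student-manage project; the page markup, the way the 'Class' field is rendered and the allowed-character rule are assumptions:

```python
# Added example (not student-manage's own code). Shows the unescaped
# rendering the advisory warns about beside a hardened version, plus the
# CSP header and the post-upgrade probe check. Markup is assumed.
import html
import re

# Constructed sample input: the advisory's own verification payload.
XSS_PROBE = "<script>alert(1)</script>"

# Assumed allow-list for a class name: letters, digits, space, hyphen, 1-32 chars.
_CLASS_RE = re.compile(r"^[A-Za-z0-9 \-]{1,32}$")

def validate_class_input(class_value: str) -> bool:
    """Input validation: reject anything outside the allow-list before storing."""
    return _CLASS_RE.fullmatch(class_value) is not None

def render_class_cell_unsafe(class_value: str) -> str:
    """'Before' state: the stored value is interpolated verbatim into the page
    body, so any markup in it becomes live HTML (stored/reflected XSS)."""
    return f'<td class="student-class">{class_value}</td>'

def render_class_cell_safe(class_value: str) -> str:
    """'After' state: HTML-escape for the element context. html.escape turns
    < > & " ' into entities, so no tag can be introduced by the value."""
    return f'<td class="student-class">{html.escape(class_value, quote=True)}</td>'

def csp_header() -> tuple:
    """Defence in depth from the advisory: only same-origin scripts may run, so an
    injected inline <script> is blocked even if encoding is missed somewhere."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'")

_SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)

def payload_neutralized(rendered_html: str) -> bool:
    """Post-upgrade check: the probe must not survive as a real <script> tag."""
    return _SCRIPT_TAG_RE.search(rendered_html) is None

if __name__ == "__main__":
    print("validates:", validate_class_input(XSS_PROBE))
    print("unsafe   :", render_class_cell_unsafe(XSS_PROBE))
    print("safe     :", render_class_cell_safe(XSS_PROBE))
    print("csp      :", csp_header())
```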
CVE-2024-13902 is a cross-site scripting (XSS) vulnerability affecting versions 1.0–1.0 of huang-yk student-manage, allowing attackers to inject malicious scripts. It has a LOW severity rating.
You are affected if you are using huang-yk student-manage versions 1.0 through 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.
Upgrade to version 1.0.1 of student-manage. As a temporary workaround, implement input validation and output encoding on the 'Class' parameter.
While no active exploitation has been confirmed, the public disclosure of the vulnerability increases the risk of exploitation. Monitor your systems for suspicious activity.
Refer to the huang-yk project's official repository or website for the latest advisory and release notes regarding CVE-2024-13902.