CVE-2024-35351 | Diño Physics School Assistant 2.3 SystemSettings.php name cross site scripting

Posted by Angelo Barbosa | May 30, 2024 | CVE

A vulnerability was found in Diño Physics School Assistant 2.3 and classified as problematic. This issue affects some unknown processing of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to cross site scripting.

The identification of this vulnerability is CVE-2024-35351. The attack may be initiated remotely. There is no exploit available.

CVE-2024-35351 | Diño Physics School Assistant 2.3 SystemSettings.php name cross site scripting

Related Posts

CVE-2024-45135 | Adobe Commerce up to 2.4.7-p2/2.4.6-p7/2.4.5-p9/2.4.4-p10 access control (apsb24-73)

CVE-2024-1947 | GitLab Community Edition/Enterprise Edition up to 16.10.5/16.11.2/17.0.0 API Call resource consumption (Issue 443559)

CVE-2024-25551 | sourcecodester Simple Student Attendance System 1.0 page cross site scripting

CVE-2017-13311 | Google Android 7/8/8.1 ProcessStats.java read permission