Unrated severityNVD Advisory· Published May 13, 2024· Updated Aug 1, 2024
Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION
CVE-2024-4823
Description
Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index '/schoolerp/office_admin/' in the parameters es_bankacc, es_bank_name, es_bank_pin, es_checkno, es_teller_number, dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.0
- Range: 1.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.