CVE-2024-28277 - Vulnerability Details - OpenCVE

In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Remyandrade	School Task Manager

Configuration 1 [-]

cpe:2.3:a:remyandrade:school_task_manager:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/unrealjbr/CVE-2024-28277
https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code

History

Tue, 11 Feb 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Remyandrade Remyandrade school Task Manager
Weaknesses		CWE-79
CPEs		cpe:2.3:a:remyandrade:school_task_manager:1.0:::::::*
Vendors & Products		Remyandrade Remyandrade school Task Manager
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-05-13T19:51:05.163Z

Updated: 2025-03-27T19:51:30.129Z

Reserved: 2024-03-08T00:00:00.000Z

Link: CVE-2024-28277

Vulnrichment

Updated: 2024-08-02T00:48:49.669Z

NVD

Status : Modified

Published: 2024-05-14T15:14:18.617

Modified: 2025-03-27T20:15:24.940

Link: CVE-2024-28277

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28277", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-27T19:51:30.129Z", "datePublished": "2024-05-13T19:51:05.163Z", "dateReserved": "2024-03-08T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T19:51:05.442Z"}, "descriptions": [{"lang": "en", "value": "In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code"}, {"url": "https://github.com/unrealjbr/CVE-2024-28277"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-15T18:08:23.962431Z", "id": "CVE-2024-28277", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T19:51:30.129Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.669Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code", "tags": ["x_transferred"]}, {"url": "https://github.com/unrealjbr/CVE-2024-28277", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code", "tags": ["x_transferred"]}, {"url": "https://github.com/unrealjbr/CVE-2024-28277", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.669Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-15T18:08:23.962431Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-15T19:07:50.948Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code"}, {"url": "https://github.com/unrealjbr/CVE-2024-28277"}], "descriptions": [{"lang": "en", "value": "In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-13T19:51:05.442Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28277", "state": "PUBLISHED", "dateUpdated": "2025-03-27T19:51:30.129Z", "dateReserved": "2024-03-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-13T19:51:05.163Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:remyandrade:school_task_manager:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "912FFDF4-5A9C-4E91-AD6F-3AA762CE409E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads."}, {"lang": "es", "value": "En Sourcecodester School Task Manager v1.0, se identific\u00f3 una vulnerabilidad dentro del par\u00e1metro sujeto_nombre=, lo que permite ataques de Cross-Site Scripting Almacenado (XSS). Esta vulnerabilidad permite a los atacantes manipular el nombre del sujeto, lo que podr\u00eda conducir a la ejecuci\u00f3n de payloads de JavaScript maliciosos."}], "id": "CVE-2024-28277", "lastModified": "2025-03-27T20:15:24.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T15:14:18.617", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/unrealjbr/CVE-2024-28277"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/unrealjbr/CVE-2024-28277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.sourcecodester.com/download-code?nid=16877&title=School+Task+Manager+Using+PHP+with+Source+Code"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}