CVE-2024-13143
Global infos:
A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE Status: Awaiting Analysis
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | LOW |
| Attack Vector | NETWORK |
| Availability Impact | NONE |
| Base Score | 2.4 |
| Base Severity | LOW |
| Confidentiality Impact | NONE |
| Integrity Impact | LOW |
| Privileges Required | HIGH |
| Scope | UNCHANGED |
| User Interaction | REQUIRED |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N |
| Exploitability Score | 0.9 |
| Impact Score | 1.4 |
| Source | [email protected] |
| Type | Secondary |