CVE-2024-34224

HIGH

Computer Laboratory Management System 1.0 - XSS

Title source: llm
STIX 2.1

Description

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters.

Exploits (1)

nomisec WRITEUP
by dovankha · poc
https://github.com/dovankha/CVE-2024-34224

References (1)

Scores

CVSS v3 7.3
EPSS 0.0082
EPSS Percentile 74.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
oretnom23/computer_laboratory_management_system 1.0
Published May 14, 2024
Tracked Since Feb 18, 2026