CVE Catalog

CVE-2023-3381

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

A vulnerability was found in SourceCodester Online School Fees System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the doj parameter in the /paysystem/datatable.php file. The attack can be launched remotely.

Risk Assessment

This vulnerability poses a security risk to the application, allowing attackers to inject malicious code, which may lead to user data theft or session hijacking.

Recommendation

It is recommended to update the system to the latest version that addresses this vulnerability and to implement appropriate security measures against XSS attacks.

Original NVD description (English source)

A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS