CVE-2024-4823 Information

Description

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the index ‘/schoolerp/office_admin/’ in the parameters es_bankacc es_bank_name es_bank_pin es_checkno es_teller_number dc1 and dc2. An attacker could send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution