{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-9807","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-10-10T08:29:59.935Z","datePublished":"2024-10-10T19:00:06.255Z","dateUpdated":"2024-10-10T19:30:35.513Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-10-10T19:00:06.255Z"},"title":"Craig Rodway Classroombookings Session Page sessions cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]}],"affected":[{"vendor":"Craig Rodway","product":"Classroombookings","versions":[{"version":"2.8.7","status":"affected"}],"modules":["Session Page"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.8.8 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional."},{"lang":"de","value":"Eine problematische Schwachstelle wurde in Craig Rodway Classroombookings 2.8.7 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /sessions der Komponente Session Page. Durch das Beeinflussen des Arguments Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Ein Aktualisieren auf die Version 2.8.8 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N"}}],"timeline":[{"time":"2024-10-10T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-10-10T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-10-10T10:35:51.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"scream3gg (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.279959","name":"VDB-279959 | Craig Rodway Classroombookings Session Page sessions cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.279959","name":"VDB-279959 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.419262","name":"Submit #419262 | Craigrodway Classroombookings 2.8.7 Cross Site Scripting","tags":["third-party-advisory"]},{"url":"https://github.com/JunMing27/CVE/blob/main/CVE%20-%20classroombookings%20Cross%20Site%20Scripting%20(XSS)%20at%20create%20and%20edit%20session%20page%20via%20Administrator%20Dashboard.md","tags":["broken-link"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-10T19:30:10.111668Z","id":"CVE-2024-9807","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-10T19:30:35.513Z"}}]}}