CVE-2024-47097

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,1

Source: 33c584b5-0579-4c06-b2a0-8d8329fcab9c

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: active

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

https://www.securin.io/zero-day/cve-2024-47097-reflected-cr…

https://www.securin.io/zero-day/cve-2024-47097-reflected-cross-site-scripting-i…

CVE-2024-47097

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter