CVE-2024-9807

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-9807
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9807.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-9807
Published
2024-10-10T19:15:17.797Z
Modified
2026-04-10T05:20:00.759498Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. This issue affects some unknown processing of the file /sessions of the component Session Page. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.8.8 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional.

References

Affected packages

Git / github.com/craigrodway/classroombookings

Affected ranges

Type
GIT
Repo
https://github.com/craigrodway/classroombookings
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b4d26f56db68ad471e1018bda4b816bf0a1a90c1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.7"
        }
    ]
}

Affected versions

v2.*
v2.3.0-beta.1
v2.3.0-beta.2
v2.3.1
v2.3.2
v2.6.4
v2.6.5
v2.8.5
v2.8.6
v2.8.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9807.json"