CVE-2024-0183: RRJ Nueva Ecija Engineer Online Portal NIA Office students.php cross site scripting
Description
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability. Es wurde eine Schwachstelle in RRJ Nueva Ecija Engineer Online Portal 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /admin/students.php der Komponente NIA Office. Mittels dem Manipulieren mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-0183
CVSS Base Severity: LOW
CVSS Base Score: 2.4
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Problem Types
CWE-80 Basic Cross Site ScriptingAffected Products
Vendor: RRJ
Product: Nueva Ecija Engineer Online Portal
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 17.32% (scored less or equal to compared to others)
EPSS Date: 2025-06-06 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-0183https://vuldb.com/?id.249441
https://vuldb.com/?ctiid.249441
https://mega.nz/file/SB8ylCxQ#vSaXJwbNjeG-KXatgkxE8XI6Cmnv-A_Sg2IjvoJZs0E