### Key Information

1. **Vulnerability ID**:
   - VDB-275771
   - CVE-2024-8172
2. **Vulnerability Name**:
   - SourceCodester QR Code Attendance System 1.0 - Delete Student Attendance Cross Site Scripting
3. **Affected File**:
   - /endpoint/delete-student.php
4. **Vulnerability Description**:
   - The vulnerability affects some unknown file handling processes.
   - By manipulating the `student/attendance` parameter, a Cross-Site Scripting (XSS) attack can be triggered.
   - The product does not neutralize, or incorrectly neutralizes, user-controllable input.
5. **CVSS Meta Temp Score**:
   - 4.3
6. **Current Vulnerability Price**:
   - $0-$5k
7. **CTI Interest Score**:
   - 1.07
8. **Vulnerability Impact**:
   - Affects integrity.
9. **Vulnerability Identification**:
   - CVE-2024-8172
10. **Exploit Difficulty**:
    - Known to be easy to exploit.
11. **Attack Vector**:
    - Can be launched remotely.
    - Requires some user interaction from the victim.
12. **Technical Details and Public Exploits**:
    - Technical details are known and public exploits exist.
13. **Attack Technique**:
    - MITRE ATT&CK classifies the attack as technique T1059.007.
14. **Exploit Tools**:
    - Vulnerable targets can be found by searching for `inurl:endpoint/delete-student.php`.
15. **Recommended Mitigation**:
    - Replace the affected component.

### Summary

This vulnerability is a Cross-Site Scripting (XSS) flaw affecting the file handling in SourceCodester QR Code Attendance System 1.0. It can be exploited remotely, and public exploits are known. Replacing the affected component is the recommended remediation.