Description
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do.
Published: 2026-05-28
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 28 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Follet School Solutions
Follet School Solutions destiny
Vendors & Products Follet School Solutions
Follet School Solutions destiny

Thu, 28 May 2026 08:45:00 +0000

Type Values Removed Values Added
Description Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do.
Title Reflected Cross-Site Scripting in Follet School Solutions Destiny
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Subscriptions

Follet School Solutions Destiny
cve-icon MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-28T12:10:08.787Z

Reserved: 2024-09-18T15:52:22.556Z

Link: CVE-2024-47096

cve-icon Vulnrichment

Updated: 2026-05-28T12:10:03.518Z

cve-icon NVD

Status : Deferred

Published: 2026-05-28T09:16:28.957

Modified: 2026-06-17T07:56:32.513

Link: CVE-2024-47096

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T09:30:06Z

Weaknesses