CVE-2024-47095: XSS in Destiny Library Manager

Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

Cross Site Scripting vulnerability in Follett School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do.

CVE IDCVE-2024-47095

CVSS v3.15.1 Medium

VendorFollett School Solutions

CWECWE-79

DisclosedSep 26, 2024

StatusFixed

01/Description

What this actually is.

Technical background, root cause, and affected surface.

Versions of Follett School Solutions Destiny Library manager before v22.0.1 AU1 are affected by a reflected cross-site scripting vulnerability. Due to this vulnerability, if the application is accessed through an attacker-controlled link, the attacker can display arbitrary (potentially hostile and dangerous) content in the context of the otherwise legitimate website.

Vendor: Follett School Solutions
Affected Product: Destiny Library Manager
CVE: CVE-2024-47095
Securin ID: -
Status: Fixed
Date: September 26, 2024
Severity: Medium
CVSS Score: 5.1
CWE: CWE-79
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

02/Proof of Concept

From one request
to root shell.

Reproduced in a sandboxed environment. Requires only LAN or WiFi adjacency.

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ScopeChanged

ImpactC:L / I:L / A:N

SeverityMedium

We tested the following vulnerability on a deployment of Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

PoC · Exploitation Steps▲ trigger

01Figure 1: Observing arbitrary JavaScript execution as a consequence of accessing the application through a crafted URL.

03/Impact

What an attacker does to you.

Post-exploitation outcomes mapped to CVSS impact metrics.

If a user accesses the vulnerable application through an attacker controlled link, the attacker can arbitrarily modify the contents of the site as displayed to the victim user. This can be abused to achieve a form of vandalism, to spread misinformation, and to steal any passwords users may submit to the site.

04/Remediation

Fix it. In this order.

A runbook, not a checklist. Sequence matters — assume compromise before you act.

Encode special characters prior to reflecting them in an HTML or JavaScript context via server-side templating.

Securin advisory — For coordinated remediation support or threat-actor briefings related to CVE-2024-47095, contact disclose@securin.io

05/Disclosure Timeline

Vendors moved in days.
Attackers in hours.

Reconstructed from vendor advisories, CISA bulletins, and Securin research records.

May 21, 2024:

Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

July 01, 2024

Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

July 08, 2024

Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

July 29, 2024

Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

August 16, 2024

Follett releases an official fix for the vulnerability.

Timeline recorded · Disclosure coordinated by Securin

06/References

Cite, verify, go deeper.

Primary sources — NVD, CISA KEV, and machine-readable IoC feed.

NVD

NVD — CVE-2024-47095

nvd.nist.gov/vuln/detail/CVE-2024-47095 →

SEC

Securin VI — Full Technical Analysis

vi.securin.io →

Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

CVE IDCVE-2024-47095

CVSS v3.15.1 Medium

VendorFollett School Solutions

CWECWE-79

DisclosedSep 26, 2024

StatusFixed

01/Description

What this actually is.

Technical background, root cause, and affected surface.

Vendor: Follett School Solutions
Affected Product: Destiny Library Manager
CVE: CVE-2024-47095
Securin ID: -
Status: Fixed
Date: September 26, 2024
Severity: Medium
CVSS Score: 5.1
CWE: CWE-79
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

02/Proof of Concept

From one request
to root shell.

Reproduced in a sandboxed environment. Requires only LAN or WiFi adjacency.

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ScopeChanged

ImpactC:L / I:L / A:N

SeverityMedium

We tested the following vulnerability on a deployment of Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

PoC · Exploitation Steps▲ trigger

01Figure 1: Observing arbitrary JavaScript execution as a consequence of accessing the application through a crafted URL.

03/Impact

What an attacker does to you.

Post-exploitation outcomes mapped to CVSS impact metrics.

04/Remediation

Fix it. In this order.

A runbook, not a checklist. Sequence matters — assume compromise before you act.

Encode special characters prior to reflecting them in an HTML or JavaScript context via server-side templating.

Securin advisory — For coordinated remediation support or threat-actor briefings related to CVE-2024-47095, contact disclose@securin.io

05/Disclosure Timeline

Vendors moved in days.
Attackers in hours.

Reconstructed from vendor advisories, CISA bulletins, and Securin research records.

May 21, 2024:

Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

July 01, 2024

Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

July 08, 2024

Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

July 29, 2024

Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

August 16, 2024

Follett releases an official fix for the vulnerability.

Timeline recorded · Disclosure coordinated by Securin

06/References

Cite, verify, go deeper.

Primary sources — NVD, CISA KEV, and machine-readable IoC feed.

NVD

NVD — CVE-2024-47095

nvd.nist.gov/vuln/detail/CVE-2024-47095 →

SEC

Securin VI — Full Technical Analysis

vi.securin.io →

Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

What this actually is.

From one request
to root shell.

What an attacker does to you.

Fix it. In this order.

Vendors moved in days.
Attackers in hours.

Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

Follett releases an official fix for the vulnerability.

Cite, verify, go deeper.

NVD — CVE-2024-47095

Securin VI — Full Technical Analysis

Let Securin level up your security posture.

Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

What this actually is.

From one request
to root shell.

What an attacker does to you.

Fix it. In this order.

Vendors moved in days.
Attackers in hours.

Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

Follett releases an official fix for the vulnerability.

Cite, verify, go deeper.

NVD — CVE-2024-47095

Securin VI — Full Technical Analysis

Let Securin level up your security posture.

Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

What this actually is.

From one requestto root shell.

What an attacker does to you.

Fix it. In this order.

Vendors moved in days.Attackers in hours.

Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

Follett releases an official fix for the vulnerability.

Cite, verify, go deeper.

NVD — CVE-2024-47095

Securin VI — Full Technical Analysis

Let Securin level up your security posture.

Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

What this actually is.

From one requestto root shell.

What an attacker does to you.

Fix it. In this order.

Vendors moved in days.Attackers in hours.

Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

Follett releases an official fix for the vulnerability.

Cite, verify, go deeper.

NVD — CVE-2024-47095

Securin VI — Full Technical Analysis

Let Securin level up your security posture.

From one request
to root shell.

Vendors moved in days.
Attackers in hours.

From one request
to root shell.

Vendors moved in days.
Attackers in hours.