SecurinZero Days
    Email Us
    Zero-Day Research/CVE-2024-47096
    ▲ MediumCVSS 5.1✓ Patched

    Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

    Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do.

    CVE IDCVE-2024-47096
    CVSS v3.15.1 Medium
    VendorFollett School Solutions
    CWECWE-79
    DisclosedMay 28, 2026
    StatusFixed
    All advisories
    • 01Description
    • 02References
    01/Description

    What this actually is.

    Technical background, root cause, and affected surface.

    Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do.

    Vendor
    Follett School Solutions
    Product
    Destiny Library Manager
    Severity
    Medium
    CVSS Score
    5.1
    Status
    Fixed
    Vector
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
    CWE
    CWE-79
    02/References

    Cite, verify, go deeper.

    Primary sources — NVD, CISA KEV, and machine-readable IoC feed.

    NVD

    NVD — CVE-2024-47096

    nvd.nist.gov/vuln/detail/CVE-2024-47096 →
    SEC

    Securin VI — Full Technical Analysis

    vi.securin.io →

    Let Securin level up your security posture.

    Get a live exposure assessment, threat-actor briefing tailored to your sector, and IoC mapping for your SIEM.

    Browse all advisories
    SecurinSecurinZero Days

    Securin's zero-day research operation combines frontier AI models with a decade of offensive expertise — discovering, validating, and coordinating the disclosure of high-impact vulnerabilities at a scale and speed no human team achieves alone.

    Glossary
    © 2026 Securin Inc · CVE Numbering Authority
    Privacy Policy·Data Processing Addendum