CVE-2014-1914

2014-02-07T15:48:00
ID CVE-2014-1914
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:34:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.