Lucene search

[email protected]CVE-2014-1914

HistoryFeb 07, 2014 - 3:48 p.m.

CVE-2014-1914

2014-02-0715:48:57

CWE-79

[email protected]

web.nvd.nist.gov

xss

command school

student management system

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.

Affected configurations

NVD

Node

doug_poulincommand_school_student_management_systemMatch1.06.01

CPENameOperatorVersion
doug_poulin:command_school_student_management_systemdoug poulin command school student management systemeq1.06.01

CPE	Name	Operator	Version
doug_poulin:command_school_student_management_system	doug poulin command school student management system	eq	1.06.01

References

osvdb.org/101891

osvdb.org/101892

packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html

www.securityfocus.com/bid/64707

exchange.xforce.ibmcloud.com/vulnerabilities/90178

exchange.xforce.ibmcloud.com/vulnerabilities/90179

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for CVE-2014-1914

prion2 nvd2 cvelist2 cve1