CVE-2014-9126: OpenSchool Community Edition index.php cross-site scripting

2015-01-25T00:00:00
ID CVE-2014-9126
Type cve
Reporter NVD
Modified 2015-01-25T00:00:00

Description

OpenSchool Community Edition is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the index.php script. A remote attacker could exploit this vulnerability using various fields or parameters to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked or page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.