Lucene search

[email protected]CVE-2019-14696

HistoryAug 06, 2019 - 4:15 p.m.

CVE-2019-14696

2019-08-0616:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2019-14696

open-school

community edition

xss

osv

students

guardians

create

id parameter

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.

Affected configurations

NVD

Node

open-schoolopen-schoolMatch2.3community

open-schoolopen-schoolMatch3.0-

CPENameOperatorVersion
open-school:open-schoolopen-schooleq2.3
open-school:open-schoolopen-schooleq3.0

CPE	Name	Operator	Version
open-school:open-school	open-school	eq	2.3
open-school:open-school	open-school	eq	3.0

References

packetstormsecurity.com/files/153984/Open-School-3.0-Community-Edition-2.3-Cross-Site-Scripting.html

open-school.org

pastebin.com/AgxqdbAQ

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2019-14696

zdt1 exploitpack1 cvelist1 prion1 nvd1 nuclei1 packetstorm1 exploitdb1