CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...

6.1CVSS6.2AI score0.32208EPSS

Exploits5References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-8952

Malware in sbrugna...

6.5CVSS6.5AI score0.00214EPSS

Exploits3References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-5893

Malware in sbrugna...

9.8CVSS9.5AI score0.0037EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-8951

Malware in sbrugna...

6.1CVSS6.3AI score0.00161EPSS

Exploits3References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2009-4178

Malware in sbrugna...

7.5CVSS6.4AI score0.00233EPSS

Exploits0References3

RedhatCVE•added 2025/05/22 9:15 a.m.•6 views

CVE-2019-14696

Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter...

6.1CVSS5.8AI score0.32208EPSS

Exploits5References1

RedhatCVE•added 2025/05/22 7:55 a.m.•2 views

CVE-2019-14754

Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter...

9.8CVSS8.3AI score0.0037EPSS

Exploits1References1

NVD•added 2020/02/08 5:15 p.m.•12 views

CVE-2014-9126

Multiple cross-site scripting XSS vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YIICSRFTOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php...

6.1CVSS6.1AI score0.00161EPSS

Exploits3References1

NVD•added 2020/02/08 5:15 p.m.•10 views

CVE-2014-9127

Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php...

6.5CVSS6.1AI score0.00214EPSS

Exploits3References1

Prion•added 2020/02/08 5:15 p.m.•14 views

Cross site scripting

4.3CVSS6AI score0.00161EPSS

Exploits3References1Affected Software1

Prion•added 2020/02/08 5:15 p.m.•9 views

Open redirect

4CVSS6.2AI score0.00214EPSS

Exploits3References1Affected Software1

CVE•added 2020/02/08 4:36 p.m.•103 views

CVE-2014-9127

Open-School Community Edition 2.2 is affected by CVE-2014-9127: an access control bypass in the export feature allows remote authenticated users to view sensitive data via the r parameter set to export on index.php. The issue enables partial confidentiality impact as described in the CVE entry, w...

6.5CVSS6AI score0.00214EPSS

Exploits3References1Affected Software1

Cvelist•added 2020/02/08 4:36 p.m.•10 views

CVE-2014-9127

6.1AI score0.00214EPSS

Exploits3References1

Cvelist•added 2020/02/08 4:23 p.m.•15 views

CVE-2014-9126

6.1AI score0.00161EPSS

Exploits3References1

CVE•added 2020/02/08 4:23 p.m.•103 views

CVE-2014-9126

CVE-2014-9126 affects Open-School Community Edition 2.2. The vulnerability is described as multiple cross-site scripting (XSS) issues that allow remote attackers to inject arbitrary script/HTML via the YII_CSRF_TOKEN HTTP cookie or through the StudentDocument, StudentCategories, and StudentPrevio...

6.1CVSS6AI score0.00161EPSS

Exploits3References1Affected Software1

CNVD•added 2020/02/07 12:0 a.m.•1 views

Open-School Community Edition Cross-Site Scripting Vulnerability

Open-School is a web-based school management software. The software offers online billing, attendance and online library.Open-School Community Edition is the community edition of Open-School. A cross-site scripting vulnerability exists in Open-School Community Edition version 2.2. The vulnerabili...

6.1CVSS6.4AI score0.00161EPSS

Exploits3References1

0day.today•added 2019/08/09 12:0 a.m.•37 views

Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability Exploit Author: Greg.Priest Vendor Homepage: https://open-school.org/ Software Link: Version: Open-School 3.0/Community Edition 2.3 Tested on: Windows/Linux CVE :...

4.3CVSS6.4AI score0.32208EPSS

Exploits5

CNVD•added 2019/08/09 12:0 a.m.•1 views

Open-School SQL Injection Vulnerability

Open-School is a Web-based school management software. The software provides online fee collection, attendance and online library features. A SQL injection vulnerability exists in Open-School version 2.3 Community Edition and version 3.0, which stems from a lack of validation of externally entere...

9.8CVSS8.2AI score0.0037EPSS

Exploits1References1

NVD•added 2019/08/08 1:15 p.m.•8 views

CVE-2019-14754

Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter...

9.8CVSS10AI score0.0037EPSS

Exploits1References2