5 matches found
EUVD-2014-8951
Malware in sbrugna...
CVE-2014-9127
Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YIICSRFTOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php...
CVE-2014-9127
Open-School Community Edition 2.2 is affected by CVE-2014-9127: an access control bypass in the export feature allows remote authenticated users to view sensitive data via the r parameter set to export on index.php. The issue enables partial confidentiality impact as described in the CVE entry, w...
Open-School Community Edition 2.2 Cross Site Scripting
============================================================== Title ...| Open-School Community Edition 2.2 Version .| osv2.2-CE.zip Date ....| 23.02.2014 Found ...| HauntIT Blog Home ....| http://sourceforge.net ============================================================== + From admin user:...