Vulnerability Details CVE-2019-14696
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.136
EPSS Ranking 94.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/153984/Open-School-3.0-Community-Edition-2.3-Cross-Site-Scripting.html
- https://open-school.org
- https://pastebin.com/AgxqdbAQ
- http://packetstormsecurity.com/files/153984/Open-School-3.0-Community-Edition-2.3-Cross-Site-Scripting.html
- https://open-school.org
- https://pastebin.com/AgxqdbAQ
Products affected by CVE-2019-14696
-
cpe:2.3:a:open-school:open-school:2.3
-
cpe:2.3:a:open-school:open-school:3.0