First published: Tue Aug 06 2019(Updated: )
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open-school Open-school | =2.3 | |
Open-school Open-school | =3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-14696 is a vulnerability in Open-School 3.0 and Community Edition 2.3 that allows cross-site scripting (XSS) attacks.
CVE-2019-14696 works by exploiting the osv/index.php?r=students/guardians/create id parameter to inject and execute malicious scripts.
CVE-2019-14696 has a severity rating of medium with a CVSS score of 6.1.
Open-School 3.0 and Community Edition 2.3 are affected by CVE-2019-14696.
To fix CVE-2019-14696, update Open-School to a patched version or apply the necessary security patches provided by the vendor.