CVE-2019-14696: XSS
First published: Tue Aug 06 2019(Updated: )
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-school Open-school | =2.3 | |
| Open-school Open-school | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14696?
CVE-2019-14696 is a vulnerability in Open-School 3.0 and Community Edition 2.3 that allows cross-site scripting (XSS) attacks.
How does CVE-2019-14696 work?
CVE-2019-14696 works by exploiting the osv/index.php?r=students/guardians/create id parameter to inject and execute malicious scripts.
What is the severity of CVE-2019-14696?
CVE-2019-14696 has a severity rating of medium with a CVSS score of 6.1.
Which versions of Open-School are affected by CVE-2019-14696?
Open-School 3.0 and Community Edition 2.3 are affected by CVE-2019-14696.
How can I fix CVE-2019-14696?
To fix CVE-2019-14696, update Open-School to a patched version or apply the necessary security patches provided by the vendor.
- collector/nvd-index
- vendor/open-school
- canonical/open-school open-school
- version/open-school open-school/2.3
- version/open-school open-school/3.0