.. / CVE-2019-14696

Exploit for Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting (CVE-2019-14696)

Description:

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.

Nuclei Template

View the template here CVE-2019-14696.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-14696.yaml
Copy

References:

https://open-school.org
https://github.com/ARPSyndicate/kenzer-templates
https://pastebin.com/AgxqdbAQ
https://nvd.nist.gov/vuln/detail/CVE-2019-14696
http://packetstormsecurity.com/files/153984/Open-School-3.0-Community-Edition-2.3-Cross-Site-Scripting.html