CVE-2014-1914

Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:doug_poulin:command_school_student_management_system:1.06.01:*:*:*:*:*:*:*

History

21 Nov 2024, 02:05

Type Values Removed Values Added
References () http://osvdb.org/101891 - () http://osvdb.org/101891 -
References () http://osvdb.org/101892 - () http://osvdb.org/101892 -
References () http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html - Exploit () http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html - Exploit
References () http://www.securityfocus.com/bid/64707 - () http://www.securityfocus.com/bid/64707 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/90178 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/90178 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/90179 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/90179 -

Information

Published : 2014-02-07 15:48

Updated : 2024-11-21 02:05


NVD link : CVE-2014-1914

Mitre link : CVE-2014-1914

CVE.ORG link : CVE-2014-1914


JSON object : View

Products Affected

doug_poulin

  • command_school_student_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')