Open-school : Security Vulnerabilities, CVEs,

CVE-2019-14754

Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
Max CVSS
9.8
EPSS Score
0.19%
Published
2019-08-08
Updated
2019-08-14

CVE-2019-14696

Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
Max CVSS
6.1
EPSS Score
0.62%
Published
2019-08-06
Updated
2019-08-13

CVE-2014-9127

Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.
Max CVSS
6.5
EPSS Score
0.16%
Published
2020-02-08
Updated
2020-02-10

CVE-2014-9126

Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php.
Max CVSS
6.1
EPSS Score
0.14%
Published
2020-02-08
Updated
2020-02-10

CVE-2009-4208

SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.
Max CVSS
7.5
EPSS Score
0.11%
Published
2009-12-04
Updated
2017-09-19
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close