commit
03408f5d97
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2019-14696
|
||||
|
||||
info:
|
||||
name: Open-Scool 3.0/Community Edition 2.3 - Cross-Site Scripting
|
||||
name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
|
||||
|
@ -15,7 +15,7 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2019-14696
|
||||
cwe-id: CWE-79
|
||||
tags: packetstorm,cve,cve2019,xss
|
||||
tags: cve,cve2019,xss,open-school
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -24,12 +24,19 @@ requests:
|
|||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '<script>alert(document.domain)</script>'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- text/html
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
words:
|
||||
- '<script>alert(document.domain)</script>'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/08/08
|
||||
|
|
Loading…
Reference in New Issue