Open-School 3.0/Community Edition 2.3 - Cross Site Scripting

Published on

10 Jan 2022

Vulnerability

Description

The osv/index.php?r=students/guardians/create id parameter in Open-School 3.0 and Community Edition 2.3 is vulnerable to XSS.

Recommendation

Update to the latest version

Experience the Beagle Security platform

Unlock one full penetration test and all Advanced plan features free for 10 days

Related Articles

TLS Firefox compatibility

TLS Firefox compatibility

Co-founder, Director

WordPress key weak hashing

WordPress key weak hashing

Cyber Security Engineer

Information sent using unencrypted channels

Information sent using unencrypted channels

Manieendar Mohan

Cyber Security Lead Engineer

Information leakage of the web application's directory or folder path

Information leakage of the web application's directory or folder path

Cyber Security Lead Engineer

Information leakage using meta tag

Information leakage using meta tag

Cyber Security Engineer

Sensitive data exposure

Sensitive data exposure

Cyber Security Lead Engineer

Potentially dangerous file

Potentially dangerous file

Cyber Security Lead Engineer

Symfony database configuration exposure

Symfony database configuration exposure

Cyber Security Engineer

Test for checking file uploads

Test for checking file uploads

Co-founder, Director

TLS OpenSSL compatibility

TLS OpenSSL compatibility

Cyber Security Engineer

The SWEET32 attack

The SWEET32 attack

Co-founder, Director

Server-Side Includes (SSI) injection

Server-Side Includes (SSI) injection

Cyber Security Lead Engineer

Webflow subdomain takeover detection

Webflow subdomain takeover detection

Cyber Security Engineer

WebDAV detection

WebDAV detection

Co-founder, Director

Content Security Policy (CSP) header not implemented

Content Security Policy (CSP) header not implemented

Cyber Security Engineer