CVE ID:

CVE-2014-1914

Details:

Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.

References:

http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html
OSVDB:101891
http://osvdb.org/101891
OSVDB:101892
http://osvdb.org/101892
XF:commandschool-addtopic-xss(90178)
http://xforce.iss.net/xforce/xfdb/90178
XF:commandschool-message-xss(90179)
http://xforce.iss.net/xforce/xfdb/90179

ZeroDayLab Assigned Tags:

WEB BASED ATTACK
REMOTE
CROSS SITE SCRIPTING
INJECTION ATTACK