CVE-2019-14696 Scanner

Open-School is a web-based school management system that is designed to simplify the tasks of teachers, administrators, and parents. Open-School Community Edition is a free version for educational institutions to avail of the software and open-source developers to customize it. These software solutions offer a variety of functions, including managing students, staff, classes, timetables, grades, attendance, and finance. They provide a centralized platform for schools, colleges, and universities to manage and streamline their daily routine tasks. 

The CVE-2019-14696 vulnerability detected in Open-School 3.0 and Community Edition 2.3 is a cross-site scripting (XSS) vulnerability. It stems from the lack of input validation for the 'id' parameter in the osv/index.php?r=students/guardians/create URL. The attacker can inject malicious script code, which runs in the victim's browser when they view the affected web page. 

When exploited, the CVE-2019-14696 vulnerability can enable an attacker to hijack the session of an authorized user, access sensitive data, and impersonate administrators or teachers. They can also redirect users to other web pages, install malware on the victim's computer, or steal their login credentials. This can lead to significant security breaches, reputation damage, and financial loss for educational institutions and their members. 

Securityforeveryone.com is a platform that provides pro features for detecting and remediating vulnerabilities in digital assets. It offers a wide range of security tools and services, such as vulnerability scanning, web application testing, network monitoring, and incident response. Thanks to its comprehensive security solutions, readers of this article can enhance their cybersecurity posture and protect their digital assets from cyber threats.

REFERENCES

• http://packetstormsecurity.com/files/153984/Open-School-3.0-Community-Edition-2.3-Cross-Site-Scripting.html
• https://open-school.org
• https://pastebin.com/AgxqdbAQ