CVE-2014-1914

Command School Student Management System 1.06.01 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.

References (6)

[Exploit] http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90178

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90179

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64707

[Third Party Advisory, VDB Entry] http://osvdb.org/101891

[Third Party Advisory, VDB Entry] http://osvdb.org/101892

Scores

EPSS 0.0048

EPSS Percentile 64.8%

Details

CWE

CWE-79

Status published

Products (2)

doug_poulin/command_school_student_management_system

n/a/n/a

Published Feb 07, 2014

Tracked Since Feb 18, 2026