Vulnerabilities > Open School > Open School > 2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-08 | CVE-2019-14754 | SQL Injection vulnerability in Open-School 2.3/3.0 Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter. | 7.5 |
2019-08-06 | CVE-2019-14696 | Cross-site Scripting vulnerability in Open-School 2.3/3.0 Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter. | 4.3 |