CVE-2014-1914

Name of the Vulnerable Software and Affected Versions Command School Student Management System version 1.06.01

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the topic parameter to "sw/add topic.php" and the nick parameter to "sw/chat/message.php" are vulnerable.

Recommendations For Command School Student Management System version 1.06.01, consider disabling access to the "sw/add topic.php" and "sw/chat/message.php" scripts until a patch is available. Restrict the use of the topic and nick parameters in these scripts to minimize the risk of exploitation.