Total
15 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0994 | 1 Rosariosis | 1 Rosariosis | 2023-03-03 | N/A | 7.5 HIGH |
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | |||||
CVE-2022-2714 | 1 Rosariosis | 1 Rosariosis | 2022-09-13 | N/A | 9.8 CRITICAL |
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. | |||||
CVE-2022-3072 | 1 Rosariosis | 1 Rosariosis | 2022-09-02 | N/A | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | |||||
CVE-2022-2067 | 1 Rosariosis | 1 Rosariosis | 2022-06-21 | 6.4 MEDIUM | 9.1 CRITICAL |
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | |||||
CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | |||||
CVE-2022-1997 | 1 Rosariosis | 1 Rosariosis | 2022-06-14 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | |||||
CVE-2021-44567 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | |||||
CVE-2021-44566 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | |||||
CVE-2021-44565 | 1 Rosariosis | 1 Rosariosis | 2022-03-02 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields. | |||||
CVE-2021-45416 | 1 Rosariosis | 1 Rosariosis | 2022-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | |||||
CVE-2021-44427 | 1 Rosariosis | 1 Rosariosis | 2021-11-30 | 7.5 HIGH | 9.8 CRITICAL |
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. | |||||
CVE-2020-15718 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL. | |||||
CVE-2020-15716 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL. | |||||
CVE-2020-15717 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL. | |||||
CVE-2020-15721 | 1 Rosariosis | 1 Rosariosis | 2020-07-22 | 4.3 MEDIUM | 6.1 MEDIUM |
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. |