Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rosariosis rosariosis vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS prior to 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Rosariosis Rosariosis
7.5
CVSSv2
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) prior to 8.1.1 allows remote malicious users to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Rosariosis Rosariosis
6.4
CVSSv2
CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis before 9.0.
Rosariosis Rosariosis
4.3
CVSSv2
CVE-2021-45416
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows malicious users to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
Rosariosis Rosariosis 8.2.1
2 Github repositories
4.3
CVSSv2
CVE-2020-13278
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote malicious users to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
Rosariosis Student Information System
4.3
CVSSv2
CVE-2020-15718
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
4.3
CVSSv2
CVE-2020-15716
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
4.3
CVSSv2
CVE-2020-15717
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
4.3
CVSSv2
CVE-2020-15721
RosarioSIS up to and including 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
Rosariosis Rosariosis
Rosariosis Rosariosis 6.8
3.5
CVSSv2
CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis before 9.0.1.
Rosariosis Rosariosis
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »