Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

rosariosis rosariosis vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS prior to 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Rosariosis Rosariosis
7.5
CVSSv2
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) prior to 8.1.1 allows remote malicious users to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Rosariosis Rosariosis
6.4
CVSSv2
CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis before 9.0.
Rosariosis Rosariosis
4.3
CVSSv2
CVE-2021-45416
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows malicious users to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
Rosariosis Rosariosis 8.2.1
4.3
CVSSv2
CVE-2020-13278
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote malicious users to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
Rosariosis Student Information System
4.3
CVSSv2
CVE-2020-15718
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
4.3
CVSSv2
CVE-2020-15716
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
4.3
CVSSv2
CVE-2020-15717
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
4.3
CVSSv2
CVE-2020-15721
RosarioSIS up to and including 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
Rosariosis RosariosisRosariosis Rosariosis 6.8
3.5
CVSSv2
CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis before 9.0.1.
Rosariosis Rosariosis
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmwareCVE-2023-52866CVE-2024-4367CVE-2024-1721CVE-2023-34992XML injectionCVE-2023-52817SQLCVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook