Vulmon
rosariosis rosariosis vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-15721
RosarioSIS up to and including 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
Rosariosis Rosariosis
Rosariosis Rosariosis 6.8
5.4
CVSSv3
CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis before 9.0.1.
Rosariosis Rosariosis
5.4
CVSSv3
CVE-2021-44565
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS prior to 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
Rosariosis Rosariosis
5.4
CVSSv3
CVE-2021-44566
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS prior to 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
Rosariosis Rosariosis
9.8
CVSSv3
CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS prior to 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Rosariosis Rosariosis
5.4
CVSSv3
CVE-2022-3072
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis before 8.9.3.
Rosariosis Rosariosis
9.8
CVSSv3
CVE-2022-2714
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis before 10.0.
Rosariosis Rosariosis
6.5
CVSSv3
CVE-2023-2202
Improper Access Control in GitHub repository francoisjacquet/rosariosis before 10.9.3.
Rosariosis Rosariosis
7.5
CVSSv3
CVE-2023-0994
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis before 10.8.2.
Rosariosis Rosariosis
9.8
CVSSv3
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) prior to 8.1.1 allows remote malicious users to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Rosariosis Rosariosis