Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rosariosis rosariosis vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-2714
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis before 10.0.
Rosariosis Rosariosis
9.8
CVSSv3
CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS prior to 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Rosariosis Rosariosis
9.8
CVSSv3
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) prior to 8.1.1 allows remote malicious users to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Rosariosis Rosariosis
9.1
CVSSv3
CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis before 9.0.
Rosariosis Rosariosis
7.5
CVSSv3
CVE-2023-2665
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis before 11.0.
Rosariosis Rosariosis
7.5
CVSSv3
CVE-2023-0994
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis before 10.8.2.
Rosariosis Rosariosis
6.5
CVSSv3
CVE-2023-2202
Improper Access Control in GitHub repository francoisjacquet/rosariosis before 10.9.3.
Rosariosis Rosariosis
6.1
CVSSv3
CVE-2021-45416
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows malicious users to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
Rosariosis Rosariosis 8.2.1
2 Github repositories
6.1
CVSSv3
CVE-2020-13278
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote malicious users to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
Rosariosis Student Information System
6.1
CVSSv3
CVE-2020-15718
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »