Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rosariosis rosariosis vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS prior to 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Rosariosis Rosariosis
668
VMScore
CVE-2021-44427
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) prior to 8.1.1 allows remote malicious users to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Rosariosis Rosariosis
570
VMScore
CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis before 9.0.
Rosariosis Rosariosis
384
VMScore
CVE-2021-45416
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows malicious users to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
Rosariosis Rosariosis 8.2.1
2 Github repositories
383
VMScore
CVE-2020-13278
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote malicious users to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
Rosariosis Student Information System
383
VMScore
CVE-2020-15718
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
383
VMScore
CVE-2020-15716
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
383
VMScore
CVE-2020-15717
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
Rosariosis Rosariosis 6.7.2
383
VMScore
CVE-2020-15721
RosarioSIS up to and including 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
Rosariosis Rosariosis
Rosariosis Rosariosis 6.8
312
VMScore
CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis before 9.0.1.
Rosariosis Rosariosis
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »