OpenSIS Community Edition prior to 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
os4ed opensis