RosarioSis is a student information system. It is used to manage students, create reports and make the right decisions. A cross-site scripting vulnerability exists in RosarioSIS version 8.2.1, which stems from a lack of data validation filtering on user-supplied data and output. An attacker can exploit this vulnerability to inject arbitrary HTML via the search_term parameter in Modules/Scheduling/Courses.
CPE | Name | Operator | Version |
---|---|---|---|
rosariosis rosariosis | eq | 8.2.1 |