4 matches found
RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
Exploit Title: RosarioSIS 6.7.2 - Cross Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15716 Proof Of Concep...
CVE-2020-15716
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL...
CVE-2020-15716
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL...
CVE-2020-15716
RosarioSIS 6.7.2 contains a stored/reflected XSS in Preferences.php caused by improper validation of user input. An attacker can craft a URL with a manipulated tab parameter to execute injected script in a victim’s browser. The condition requires user interaction (depending on request flow) and a...