3 matches found
RosarioSIS 6.7.2 - Cross-Site Scripting
RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting XSS vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL. id: CVE-2020-15718 info: name:...
CVE-2020-15718
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the includeinactive parameter in a crafted URL...
CVE-2020-15718
RosarioSIS 6.7.2 is affected by CVE-2020-15718: a cross-site scripting vulnerability in PrintSchedules.php caused by improper validation of user input. A remote attacker can exploit the include_inactive parameter in a crafted URL to execute script in the victim’s browser. PoC data exists (e.g., P...