52 matches found
EUVD-2022-5910
Malicious code in bioql PyPI...
CVE-2023-2665
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0...
CVE-2023-0994
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2...
CVE-2023-2202
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3...
CVE-2022-1997
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0...
CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0...
Cross Site Scripting (XSS)
francoisjacquet/rosariosis is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of input in the component Add Portal Note, leading to the execution of arbitrary JavaScript code...
CVE-2024-3138
DISPUTED A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2024-3138
The CVE-2024-3138 entry concerns francoisjacquet RosarioSIS 11.5.1, where a Cross-Site Scripting (XSS) vulnerability is attributed to an unknown processing in the Add Portal Note component. Reported impact is remote exploitation with user interaction required, leading to I(low) and A(none) for co...
CVE-2024-3138 francoisjacquet RosarioSIS Add Portal Note cross site scripting
DISPUTED A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
Information Disclosure
francoisjacquet/rosariosis is vulnerable to Information Disclosure. The vulnerability exists due to the lack of permissions and random generation of file names for uploaded files, which allows an attacker to download files on the system...
CSV Injection
francoisjacquet/rosariosis is vulnerable to CSV Injection. The vulnerability exists because the listSearch function of ListOutput.fnc.php does not properly escape CSV records, which allows an attacker to inject and execute malicious code via a crafted Excel file...
CVE-2023-2665 Storage of Sensitive Data in a Mechanism without Access Control in francoisjacquet/rosariosis
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0...
Improper Access Control
francoisjacquet/rosariosis is vulnerable to Improper Access Control. A remote attacker is able to bypass access control mechanisms due to missing authentication checks in the assets/js/warehouse.js file which can lead to information disclosure...
CVE-2023-2202
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3...
CVE-2023-2202
RosarioSIS (open-source student information system) is affected by CVE-2023-2202 due to improper access control in versions prior to 10.9.3. The vulnerability permits returning to pages containing personally identifiable information (PII) and sensitive data after logout by using the browser back ...
CVE-2023-2202 Improper Access Control in francoisjacquet/rosariosis
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3...
CVE-2023-0994 Exposure of Sensitive Information to an Unauthorized Actor in francoisjacquet/rosariosis
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2...