EUVD-2020-7704

Malware in sbrugna...

Cross-Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the includeinactive parameter in PrintSchedules.php...

CVE-2020-15718

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the includeinactive parameter in a crafted URL...

CVE-2020-15718

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the includeinactive parameter in a crafted URL...

Input validation

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the includeinactive parameter in a crafted URL...

CVE-2020-15718

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the includeinactive parameter in a crafted URL...

CVE-2020-15718

RosarioSIS 6.7.2 is affected by CVE-2020-15718: a cross-site scripting vulnerability in PrintSchedules.php caused by improper validation of user input. A remote attacker can exploit the include_inactive parameter in a crafted URL to execute script in the victim’s browser. PoC data exists (e.g., P...