Lucene search

K

RosarioSIS Security Vulnerabilities

cve
cve

CVE-2023-2665

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to...

7.5CVSS

7.4AI Score

0.001EPSS

2023-05-12 01:15 AM
25
cve
cve

CVE-2023-29918

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods...

5.4CVSS

5.5AI Score

0.001EPSS

2023-05-02 04:15 PM
32
cve
cve

CVE-2023-2202

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to...

6.5CVSS

5.1AI Score

0.001EPSS

2023-04-21 02:15 AM
32
cve
cve

CVE-2023-0994

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to...

7.5CVSS

7.6AI Score

0.001EPSS

2023-02-24 02:15 AM
27
cve
cve

CVE-2022-2714

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to...

9.8CVSS

9.5AI Score

0.002EPSS

2022-09-06 11:15 AM
61
3
cve
cve

CVE-2022-3072

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to...

5.4CVSS

5.2AI Score

0.001EPSS

2022-09-01 08:15 AM
48
15
cve
cve

CVE-2022-2067

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to...

9.1CVSS

9.5AI Score

0.001EPSS

2022-06-13 01:15 PM
71
2
cve
cve

CVE-2022-2036

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to...

5.4CVSS

5.2AI Score

0.001EPSS

2022-06-09 05:15 PM
49
6
cve
cve

CVE-2022-1997

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to...

5.4CVSS

5.2AI Score

0.001EPSS

2022-06-08 02:15 PM
61
3
cve
cve

CVE-2021-44567

An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in...

9.8CVSS

9.9AI Score

0.001EPSS

2022-02-24 03:15 PM
59
cve
cve

CVE-2021-44565

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input...

5.4CVSS

5.2AI Score

0.001EPSS

2022-02-24 03:15 PM
51
cve
cve

CVE-2021-44566

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in...

5.4CVSS

5.2AI Score

0.001EPSS

2022-02-24 03:15 PM
41
cve
cve

CVE-2021-45416

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php...

6.1CVSS

5.9AI Score

0.001EPSS

2022-02-01 01:15 PM
42
cve
cve

CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear...

9.8CVSS

9.9AI Score

0.044EPSS

2021-11-29 10:15 PM
48
cve
cve

CVE-2020-13278

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET...

6.1CVSS

6.1AI Score

0.001EPSS

2020-08-12 02:15 PM
39
cve
cve

CVE-2020-15718

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted...

6.1CVSS

6.1AI Score

0.002EPSS

2020-07-15 08:15 PM
21
cve
cve

CVE-2020-15717

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted...

6.1CVSS

6.1AI Score

0.002EPSS

2020-07-15 07:15 PM
21
cve
cve

CVE-2020-15716

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted...

6.1CVSS

6.1AI Score

0.002EPSS

2020-07-15 07:15 PM
21
cve
cve

CVE-2020-15721

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and...

6.1CVSS

6AI Score

0.001EPSS

2020-07-14 03:15 PM
33