francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the include_inactive
parameter in PrintSchedules.php
.
exchange.xforce.ibmcloud.com/vulnerabilities/184944
gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md
gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a
gitlab.com/francoisjacquet/rosariosis/-/issues/291
gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta