francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS). A remote attacker can inject and execute arbitrary JavaScript in a user’s browser via the tab parameter in Preferences.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | francoisjacquet/rosariosis | le | 6.7.2 |
exchange.xforce.ibmcloud.com/vulnerabilities/184942
gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md
gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a
gitlab.com/francoisjacquet/rosariosis/-/issues/291
gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta