Rosariosis

rosariosis

Vendor: Rosariosis • 18 CVEs

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2665 1Rosariosis 1Rosariosis Nov 21, 2024 May 12, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
CVE-2023-29918 1Rosariosis 1Rosariosis Jan 30, 2025 May 2, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
CVE-2023-2202 1Rosariosis 1Rosariosis Nov 21, 2024 Apr 21, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
CVE-2023-0994 1Rosariosis 1Rosariosis Nov 21, 2024 Feb 24, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
CVE-2022-2714 1Rosariosis 1Rosariosis Nov 21, 2024 Sep 6, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVE-2022-3072 1Rosariosis 1Rosariosis Nov 21, 2024 Sep 1, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
CVE-2022-2067 1Rosariosis 1Rosariosis Nov 21, 2024 Jun 13, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVE-2022-2036 1Rosariosis 1Rosariosis Nov 21, 2024 Jun 9, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
CVE-2022-1997 1Rosariosis 1Rosariosis Nov 21, 2024 Jun 8, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVE-2021-44567 1Rosariosis 1Rosariosis Nov 21, 2024 Feb 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
CVE-2021-44566 1Rosariosis 1Rosariosis Nov 21, 2024 Feb 24, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
CVE-2021-44565 1Rosariosis 1Rosariosis Nov 21, 2024 Feb 24, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of a...Show more A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.Show less
CVE-2021-45416 1Rosariosis 1Rosariosis Nov 21, 2024 Feb 1, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
CVE-2021-44427 1Rosariosis 1Rosariosis Nov 21, 2024 Nov 29, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) throu...Show more An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.Show less
CVE-2020-15718 1Rosariosis 1Rosariosis Apr 16, 2025 Jul 15, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a c...Show more RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.Show less
CVE-2020-15717 1Rosariosis 1Rosariosis Nov 21, 2024 Jul 15, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
CVE-2020-15716 1Rosariosis 1Rosariosis Apr 16, 2025 Jul 15, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
CVE-2020-15721 1Rosariosis 1Rosariosis Nov 21, 2024 Jul 14, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.