Vulnerabilities > Rosariosis
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2023-2665 | Insecure Storage of Sensitive Information vulnerability in Rosariosis Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | 7.5 |
| 2023-05-02 | CVE-2023-29918 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Rosariosis 10.8.4 RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 5.4 |
| 2023-04-21 | CVE-2023-2202 | Unspecified vulnerability in Rosariosis Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 6.5 |
| 2023-02-24 | CVE-2023-0994 | Unspecified vulnerability in Rosariosis Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | 7.5 |
| 2022-09-06 | CVE-2022-2714 | Unspecified vulnerability in Rosariosis Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. | 9.8 |
| 2022-09-01 | CVE-2022-3072 | Unspecified vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | 5.4 |
| 2022-06-13 | CVE-2022-2067 | SQL Injection vulnerability in Rosariosis SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 9.1 |
| 2022-06-09 | CVE-2022-2036 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | 5.4 |
| 2022-06-08 | CVE-2022-1997 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 5.4 |
| 2022-02-24 | CVE-2021-44565 | Cross-site Scripting vulnerability in Rosariosis A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. | 5.4 |