Vulnerabilities > Rosariosis

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-2665 Insecure Storage of Sensitive Information vulnerability in Rosariosis
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
network
low complexity
rosariosis CWE-922
7.5
2023-05-02 CVE-2023-29918 Improper Neutralization of Formula Elements in a CSV File vulnerability in Rosariosis 10.8.4
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
network
low complexity
rosariosis CWE-1236
5.4
2023-04-21 CVE-2023-2202 Improper Access Control vulnerability in Rosariosis
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
network
low complexity
rosariosis CWE-284
6.5
2023-02-24 CVE-2023-0994 Information Exposure vulnerability in Rosariosis
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
network
low complexity
rosariosis CWE-200
7.5
2022-06-13 CVE-2022-2067 SQL Injection vulnerability in Rosariosis
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
network
low complexity
rosariosis CWE-89
6.4
2022-06-09 CVE-2022-2036 Cross-site Scripting vulnerability in Rosariosis
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
network
rosariosis CWE-79
3.5
2022-06-08 CVE-2022-1997 Cross-site Scripting vulnerability in Rosariosis
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
network
rosariosis CWE-79
3.5
2022-02-24 CVE-2021-44565 Cross-site Scripting vulnerability in Rosariosis
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML.
network
rosariosis CWE-79
3.5
2022-02-24 CVE-2021-44566 Cross-site Scripting vulnerability in Rosariosis
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
network
rosariosis CWE-79
3.5
2022-02-24 CVE-2021-44567 SQL Injection vulnerability in Rosariosis
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
network
low complexity
rosariosis CWE-89
7.5