Vulnerabilities > Rosariosis
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2023-2665 | Insecure Storage of Sensitive Information vulnerability in Rosariosis Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | 7.5 |
| 2023-05-02 | CVE-2023-29918 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Rosariosis 10.8.4 RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 5.4 |
| 2023-04-21 | CVE-2023-2202 | Improper Access Control vulnerability in Rosariosis Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 6.5 |
| 2023-02-24 | CVE-2023-0994 | Information Exposure vulnerability in Rosariosis Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | 7.5 |
| 2022-06-13 | CVE-2022-2067 | SQL Injection vulnerability in Rosariosis SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 6.4 |
| 2022-06-09 | CVE-2022-2036 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | 3.5 |
| 2022-06-08 | CVE-2022-1997 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 3.5 |
| 2022-02-24 | CVE-2021-44565 | Cross-site Scripting vulnerability in Rosariosis A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. | 3.5 |
| 2022-02-24 | CVE-2021-44566 | Cross-site Scripting vulnerability in Rosariosis A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | 3.5 |
| 2022-02-24 | CVE-2021-44567 | SQL Injection vulnerability in Rosariosis An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | 7.5 |