Vulnerabilities > Rosariosis

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2021-44566 Cross-site Scripting vulnerability in Rosariosis
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
network
low complexity
rosariosis CWE-79
5.4
2022-02-24 CVE-2021-44567 SQL Injection vulnerability in Rosariosis
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
network
low complexity
rosariosis CWE-89
critical
9.8
2022-02-01 CVE-2021-45416 Cross-site Scripting vulnerability in Rosariosis 8.2.1
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
network
low complexity
rosariosis CWE-79
6.1
2021-11-29 CVE-2021-44427 SQL Injection vulnerability in Rosariosis
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
network
low complexity
rosariosis CWE-89
critical
9.8
2020-08-12 CVE-2020-13278 Cross-site Scripting vulnerability in Rosariosis Student Information System
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
network
low complexity
rosariosis CWE-79
6.1
2020-07-15 CVE-2020-15718 Cross-site Scripting vulnerability in Rosariosis 6.7.2
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script.
network
low complexity
rosariosis CWE-79
6.1
2020-07-15 CVE-2020-15717 Cross-site Scripting vulnerability in Rosariosis 6.7.2
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script.
network
low complexity
rosariosis CWE-79
6.1
2020-07-15 CVE-2020-15716 Cross-site Scripting vulnerability in Rosariosis 6.7.2
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script.
network
low complexity
rosariosis CWE-79
6.1
2020-07-14 CVE-2020-15721 Cross-site Scripting vulnerability in Rosariosis
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
network
low complexity
rosariosis CWE-79
6.1