Vulnerabilities > Rosariosis > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-02 | CVE-2023-29918 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Rosariosis 10.8.4 RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 5.4 |
| 2023-04-21 | CVE-2023-2202 | Unspecified vulnerability in Rosariosis Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 6.5 |
| 2022-09-01 | CVE-2022-3072 | Unspecified vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | 5.4 |
| 2022-06-09 | CVE-2022-2036 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | 5.4 |
| 2022-06-08 | CVE-2022-1997 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 5.4 |
| 2022-02-24 | CVE-2021-44565 | Cross-site Scripting vulnerability in Rosariosis A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. | 5.4 |
| 2022-02-24 | CVE-2021-44566 | Cross-site Scripting vulnerability in Rosariosis A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | 5.4 |
| 2022-02-01 | CVE-2021-45416 | Cross-site Scripting vulnerability in Rosariosis 8.2.1 Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | 6.1 |
| 2020-08-12 | CVE-2020-13278 | Cross-site Scripting vulnerability in Rosariosis Student Information System Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | 6.1 |
| 2020-07-15 | CVE-2020-15718 | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. | 6.1 |