Vulnerabilities > Rosariosis > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-02 | CVE-2023-29918 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Rosariosis 10.8.4 RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 5.4 |
| 2023-04-21 | CVE-2023-2202 | Improper Access Control vulnerability in Rosariosis Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 6.5 |
| 2022-06-13 | CVE-2022-2067 | SQL Injection vulnerability in Rosariosis SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 6.4 |
| 2022-02-01 | CVE-2021-45416 | Cross-site Scripting vulnerability in Rosariosis 8.2.1 Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | 4.3 |
| 2020-08-12 | CVE-2020-13278 | Cross-site Scripting vulnerability in Rosariosis Student Information System Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | 4.3 |
| 2020-07-15 | CVE-2020-15718 | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. | 4.3 |
| 2020-07-15 | CVE-2020-15717 | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. | 4.3 |
| 2020-07-15 | CVE-2020-15716 | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. | 4.3 |
| 2020-07-14 | CVE-2020-15721 | Cross-site Scripting vulnerability in Rosariosis RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. | 4.3 |