Vulnerabilities > Rosariosis > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-15 | CVE-2020-15717 | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. | 6.1 |
| 2020-07-15 | CVE-2020-15716 | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. | 6.1 |
| 2020-07-14 | CVE-2020-15721 | Cross-site Scripting vulnerability in Rosariosis RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. | 6.1 |