Vulnerabilities > Rosariosis > Rosariosis > 8.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-12 | CVE-2023-2665 | Insecure Storage of Sensitive Information vulnerability in Rosariosis Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | 7.5 |
2023-04-21 | CVE-2023-2202 | Improper Access Control vulnerability in Rosariosis Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 6.5 |
2023-02-24 | CVE-2023-0994 | Information Exposure vulnerability in Rosariosis Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | 7.5 |
2022-06-13 | CVE-2022-2067 | SQL Injection vulnerability in Rosariosis SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 6.4 |
2022-06-09 | CVE-2022-2036 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | 3.5 |
2022-06-08 | CVE-2022-1997 | Cross-site Scripting vulnerability in Rosariosis Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 3.5 |
2022-02-01 | CVE-2021-45416 | Cross-site Scripting vulnerability in Rosariosis 8.2.1 Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | 4.3 |