Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
19 vulnerabilities by rosariosis
CVE-2023-2665 (GCVE-0-2023-2665)
Vulnerability from cvelistv5 – Published: 2023-05-12 00:00 – Updated: 2025-01-24 15:58
VLAI
Title
Storage of Sensitive Data in a Mechanism without Access Control in francoisjacquet/rosariosis
Summary
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-921 - Storage of Sensitive Data in a Mechanism without Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 11.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T15:58:00.495107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T15:58:05.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-921",
"description": "CWE-921 Storage of Sensitive Data in a Mechanism without Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194"
},
{
"url": "https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986"
}
],
"source": {
"advisory": "42f38a84-8954-484d-b5ff-706ca0918194",
"discovery": "EXTERNAL"
},
"title": "Storage of Sensitive Data in a Mechanism without Access Control in francoisjacquet/rosariosis"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2665",
"datePublished": "2023-05-12T00:00:00.000Z",
"dateReserved": "2023-05-12T00:00:00.000Z",
"dateUpdated": "2025-01-24T15:58:05.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29918 (GCVE-0-2023-29918)
Vulnerability from cvelistv5 – Published: 2023-05-02 00:00 – Updated: 2025-01-30 16:30
VLAI
Summary
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:14:40.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29918",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T16:29:58.727432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T16:30:03.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-02T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29918",
"datePublished": "2023-05-02T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2025-01-30T16:30:03.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2202 (GCVE-0-2023-2202)
Vulnerability from cvelistv5 – Published: 2023-04-21 00:00 – Updated: 2025-02-04 20:48
VLAI
Title
Improper Access Control in francoisjacquet/rosariosis
Summary
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 10.9.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:48:38.879038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:48:53.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "10.9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c"
},
{
"url": "https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be"
}
],
"source": {
"advisory": "efe6ef47-d17c-4773-933a-4836c32db85c",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in francoisjacquet/rosariosis"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2202",
"datePublished": "2023-04-21T00:00:00.000Z",
"dateReserved": "2023-04-21T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:48:53.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0994 (GCVE-0-2023-0994)
Vulnerability from cvelistv5 – Published: 2023-02-24 00:00 – Updated: 2025-03-12 15:28
VLAI
Title
Exposure of Sensitive Information to an Unauthorized Actor in francoisjacquet/rosariosis
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 10.8.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/630d3e3d78270db8dbcbfe87db265bc3e70c5a76"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0994",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:27:57.236468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:28:06.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "10.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad"
},
{
"url": "https://github.com/francoisjacquet/rosariosis/commit/630d3e3d78270db8dbcbfe87db265bc3e70c5a76"
}
],
"source": {
"advisory": "a281c586-9b97-4d17-88ff-ca91bb4c45ad",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in francoisjacquet/rosariosis"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0994",
"datePublished": "2023-02-24T00:00:00.000Z",
"dateReserved": "2023-02-24T00:00:00.000Z",
"dateUpdated": "2025-03-12T15:28:06.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2714 (GCVE-0-2022-2714)
Vulnerability from cvelistv5 – Published: 2022-09-06 10:15 – Updated: 2024-08-03 00:46
VLAI
Title
Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis
Summary
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
Severity
8.1 (High)
CWE
- CWE-130 - Improper Handling of Length Parameter Inconsistency
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/430aedac-c7d9-4acb-9ba… | x_refsource_CONFIRM |
| https://github.com/francoisjacquet/rosariosis/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter Inconsistency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T10:15:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3"
}
],
"source": {
"advisory": "430aedac-c7d9-4acb-9bab-bcc0595d9e95",
"discovery": "EXTERNAL"
},
"title": "Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2714",
"STATE": "PUBLIC",
"TITLE": "Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "francoisjacquet/rosariosis",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "francoisjacquet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130 Improper Handling of Length Parameter Inconsistency"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95"
},
{
"name": "https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3",
"refsource": "MISC",
"url": "https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3"
}
]
},
"source": {
"advisory": "430aedac-c7d9-4acb-9bab-bcc0595d9e95",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2714",
"datePublished": "2022-09-06T10:15:12.000Z",
"dateReserved": "2022-08-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:03.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3072 (GCVE-0-2022-3072)
Vulnerability from cvelistv5 – Published: 2022-09-01 07:30 – Updated: 2024-08-03 01:00
VLAI
Title
Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/9755ae6a-b08b-40a0-808… | x_refsource_CONFIRM |
| https://github.com/francoisjacquet/rosariosis/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 8.9.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "8.9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-01T07:30:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a"
}
],
"source": {
"advisory": "9755ae6a-b08b-40a0-8089-c723b2d9ca52",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3072",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "francoisjacquet/rosariosis",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.9.3"
}
]
}
}
]
},
"vendor_name": "francoisjacquet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52"
},
{
"name": "https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a",
"refsource": "MISC",
"url": "https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a"
}
]
},
"source": {
"advisory": "9755ae6a-b08b-40a0-8089-c723b2d9ca52",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3072",
"datePublished": "2022-09-01T07:30:12.000Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2067 (GCVE-0-2022-2067)
Vulnerability from cvelistv5 – Published: 2022-06-13 12:20 – Updated: 2024-08-03 00:24
VLAI
Title
SQL Injection in francoisjacquet/rosariosis
Summary
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
Severity
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/a85a53a4-3009-4f41-ac3… | x_refsource_CONFIRM |
| https://github.com/francoisjacquet/rosariosis/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:20:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c"
}
],
"source": {
"advisory": "a85a53a4-3009-4f41-ac33-8bed8bbe16a8",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in francoisjacquet/rosariosis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2067",
"STATE": "PUBLIC",
"TITLE": "SQL Injection in francoisjacquet/rosariosis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "francoisjacquet/rosariosis",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "francoisjacquet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8"
},
{
"name": "https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c",
"refsource": "MISC",
"url": "https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c"
}
]
},
"source": {
"advisory": "a85a53a4-3009-4f41-ac33-8bed8bbe16a8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2067",
"datePublished": "2022-06-13T12:20:13.000Z",
"dateReserved": "2022-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2036 (GCVE-0-2022-2036)
Vulnerability from cvelistv5 – Published: 2022-06-09 05:30 – Updated: 2024-08-03 00:24
VLAI
Title
Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
Severity
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/c7715149-f99c-4d62-a5c… | x_refsource_CONFIRM |
| https://github.com/francoisjacquet/rosariosis/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 9.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "9.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T05:30:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a"
}
],
"source": {
"advisory": "c7715149-f99c-4d62-a5c6-c78bfdb41905",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2036",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "francoisjacquet/rosariosis",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.0.1"
}
]
}
}
]
},
"vendor_name": "francoisjacquet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905"
},
{
"name": "https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a",
"refsource": "MISC",
"url": "https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a"
}
]
},
"source": {
"advisory": "c7715149-f99c-4d62-a5c6-c78bfdb41905",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2036",
"datePublished": "2022-06-09T05:30:15.000Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1997 (GCVE-0-2022-1997)
Vulnerability from cvelistv5 – Published: 2022-06-06 10:10 – Updated: 2024-08-03 00:24
VLAI
Title
Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
Severity
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/28861ae9-7b09-45b7-a00… | x_refsource_CONFIRM |
| https://github.com/francoisjacquet/rosariosis/com… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| francoisjacquet | francoisjacquet/rosariosis |
Affected:
unspecified , < 9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "francoisjacquet/rosariosis",
"vendor": "francoisjacquet",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-06T10:10:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8"
}
],
"source": {
"advisory": "28861ae9-7b09-45b7-a003-eccf903db71d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1997",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "francoisjacquet/rosariosis",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "francoisjacquet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d"
},
{
"name": "https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8",
"refsource": "MISC",
"url": "https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8"
}
]
},
"source": {
"advisory": "28861ae9-7b09-45b7-a003-eccf903db71d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1997",
"datePublished": "2022-06-06T10:10:10.000Z",
"dateReserved": "2022-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44567 (GCVE-0-2021-44567)
Vulnerability from cvelistv5 – Published: 2022-02-22 20:16 – Updated: 2024-08-04 04:25
VLAI
Summary
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://gitlab.com/francoisjacquet/rosariosis/-/b… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/i… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/c… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T22:11:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/308",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/308"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44567",
"datePublished": "2022-02-22T20:16:14.000Z",
"dateReserved": "2021-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44566 (GCVE-0-2021-44566)
Vulnerability from cvelistv5 – Published: 2022-02-22 20:02 – Updated: 2024-08-04 04:25
VLAI
Summary
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.com/francoisjacquet/rosariosis/-/i… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/c… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T22:10:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/259",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/259"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44566",
"datePublished": "2022-02-22T20:02:49.000Z",
"dateReserved": "2021-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44565 (GCVE-0-2021-44565)
Vulnerability from cvelistv5 – Published: 2022-02-22 19:58 – Updated: 2024-08-04 04:25
VLAI
Summary
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.com/francoisjacquet/rosariosis/-/i… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/c… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/307"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-24T22:04:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/307"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/307",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/307"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44565",
"datePublished": "2022-02-22T19:58:33.000Z",
"dateReserved": "2021-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45416 (GCVE-0-2021-45416)
Vulnerability from cvelistv5 – Published: 2022-02-01 12:44 – Updated: 2024-08-04 04:39
VLAI
Summary
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://rosariosis.com | x_refsource_MISC |
| https://github.com/86x/CVE-2021-45416 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:20.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rosariosis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/86x/CVE-2021-45416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-01T12:44:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rosariosis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/86x/CVE-2021-45416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rosariosis.com",
"refsource": "MISC",
"url": "http://rosariosis.com"
},
{
"name": "https://github.com/86x/CVE-2021-45416",
"refsource": "MISC",
"url": "https://github.com/86x/CVE-2021-45416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45416",
"datePublished": "2022-02-01T12:44:53.000Z",
"dateReserved": "2021-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:39:20.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44427 (GCVE-0-2021-44427)
Vulnerability from cvelistv5 – Published: 2021-11-29 21:34 – Updated: 2024-08-04 04:25
VLAI
KEVintel KEV
Summary
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gitlab.com/francoisjacquet/rosariosis/-/i… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/328"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T21:34:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/328"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/328",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/328"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44427",
"datePublished": "2021-11-29T21:34:16.000Z",
"dateReserved": "2021-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:25:16.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13278 (GCVE-0-2020-13278)
Vulnerability from cvelistv5 – Published: 2020-08-12 14:01 – Updated: 2024-08-04 12:11
VLAI
Summary
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
Severity
6.1 (Medium)
CWE
- Improper neutralization of input during web page generation ('cross-site scripting') in RosarioSIS
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.com/francoisjacquet/rosariosis/-/c… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/i… | x_refsource_MISC |
| https://gitlab.com/gitlab-org/cves/-/blob/master/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RosarioSIS | RosarioSIS |
Affected:
=6.5.1
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/9cb4fec5fe177f1d3716708b46d1958eac477ebe"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13278.json"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RosarioSIS",
"vendor": "RosarioSIS",
"versions": [
{
"status": "affected",
"version": "=6.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "github.com/M507"
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System \u003c 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in RosarioSIS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-12T14:01:44.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/9cb4fec5fe177f1d3716708b46d1958eac477ebe"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13278.json"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-13278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RosarioSIS",
"version": {
"version_data": [
{
"version_value": "=6.5.1"
}
]
}
}
]
},
"vendor_name": "RosarioSIS"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "github.com/M507"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System \u003c 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in RosarioSIS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/9cb4fec5fe177f1d3716708b46d1958eac477ebe",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/9cb4fec5fe177f1d3716708b46d1958eac477ebe"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/282",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/282"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13278.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13278.json"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-13278",
"datePublished": "2020-08-12T14:01:44.000Z",
"dateReserved": "2020-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:19.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15718 (GCVE-0-2020-15718)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:02 – Updated: 2025-04-16 14:28
VLAI
Summary
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:28:25.363Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184944"
},
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
},
{
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-15718.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184944",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184944"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a",
"refsource": "CONFIRM",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15718",
"datePublished": "2020-07-15T19:02:52.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2025-04-16T14:28:25.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15717 (GCVE-0-2020-15717)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:01 – Updated: 2024-08-04 13:22
VLAI
Summary
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://gitlab.com/francoisjacquet/rosariosis/-/b… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/i… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/t… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/c… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184943"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:01:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184943"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184943",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184943"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a",
"refsource": "CONFIRM",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15717",
"datePublished": "2020-07-15T19:01:43.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15716 (GCVE-0-2020-15716)
Vulnerability from cvelistv5 – Published: 2020-07-15 19:00 – Updated: 2025-04-16 14:31
VLAI
Summary
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184942"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:31:56.472Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184942"
},
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
},
{
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-15716.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184942",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184942"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a",
"refsource": "CONFIRM",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15716",
"datePublished": "2020-07-15T19:00:44.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2025-04-16T14:31:56.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15721 (GCVE-0-2020-15721)
Vulnerability from cvelistv5 – Published: 2020-07-14 14:26 – Updated: 2024-08-04 13:22
VLAI
Summary
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.com/francoisjacquet/rosariosis/-/b… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/i… | x_refsource_MISC |
| https://gitlab.com/francoisjacquet/rosariosis/-/c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/c4a694860b50c4aa5c67d6568f7d0613fef1a30d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T14:26:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/c4a694860b50c4aa5c67d6568f7d0613fef1a30d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291"
},
{
"name": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/c4a694860b50c4aa5c67d6568f7d0613fef1a30d",
"refsource": "MISC",
"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/c4a694860b50c4aa5c67d6568f7d0613fef1a30d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15721",
"datePublished": "2020-07-14T14:26:43.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}