Skip to main content

Rosariosis CVE-2023-29918

MEDIUM
Improper Neutralization of Formula Elements in a CSV File (CWE-1236)
2023-05-02 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 02, 2023 - 16:15 nvd
MEDIUM 5.4

DescriptionNVD

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.

AnalysisAI

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1236. RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. Affected products include: Rosariosis.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-44427 CRITICAL POC
9.8 Nov 29

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allow

CVE-2022-2067 CRITICAL POC
9.1 Jun 13

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated critical severity (CVSS 9.1), this vul

CVE-2023-0994 HIGH POC
7.5 Feb 24

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8

CVE-2021-45416 MEDIUM POC
6.1 Feb 01

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the

CVE-2020-15718 MEDIUM POC
6.1 Jul 15

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php sc

CVE-2020-15716 MEDIUM POC
6.1 Jul 15

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php scrip

CVE-2022-2714 CRITICAL
9.8 Sep 06

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. Rated

CVE-2022-3072 MEDIUM POC
5.4 Sep 01

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. Rated medium severit

CVE-2022-2036 MEDIUM POC
5.4 Jun 09

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Rated medium severit

CVE-2022-1997 MEDIUM POC
5.4 Jun 08

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated medium severity

CVE-2023-2665 HIGH
7.5 May 12

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to

CVE-2023-2202 MEDIUM
6.5 Apr 21

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. Rated medium severity (CVSS 6.5

Share

CVE-2023-29918 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy