Skip to main content

Rosariosis

15 CVEs product

Monthly

CVE-2023-2665 PHP HIGH PATCH This Week

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29918 PHP MEDIUM POC This Month

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rosariosis
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.2%
CVE-2023-2202 PHP MEDIUM PATCH This Month

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Rosariosis
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0994 PHP HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-2714 PHP CRITICAL PATCH Act Now

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-3072 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-2067 PHP CRITICAL POC PATCH Act Now

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Rosariosis
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2022-2036 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1997 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-45416 PHP MEDIUM POC PATCH This Month

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
3.0%
CVE-2021-44427 PHP CRITICAL POC PATCH THREAT Act Now

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi PostgreSQL Rosariosis
NVD
CVSS 3.1
9.8
EPSS
50.6%
CVE-2020-15718 MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.3%
CVE-2020-15717 MEDIUM PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Rosariosis
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-15716 MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.6%
CVE-2020-15721 PHP MEDIUM PATCH This Month

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Rosariosis
NVD
CVSS 3.1
6.1
EPSS
1.5%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC This Month

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rosariosis
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Rosariosis
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rosariosis
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rosariosis
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Rosariosis
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rosariosis
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC PATCH This Month

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub VulDB
EPSS 51% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi PostgreSQL +1
NVD
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Rosariosis
NVD
EPSS 6% CVSS 6.1
MEDIUM POC PATCH This Month

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Rosariosis
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Rosariosis
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy