Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Rosariosis'
2022-06-13
CVE-2022-2067
CWE-89
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
2022-06-09
CVE-2022-2036
CWE-79
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
2022-06-08
CVE-2022-1997
CWE-79
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
2022-02-24
CVE-2021-44565
CWE-79
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
CVE-2021-44566
CWE-79
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
CVE-2021-44567
CWE-89
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
2022-02-01
CVE-2021-45416
CWE-79
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
2021-11-29
CVE-2021-44427
CWE-89
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
2020-07-15
CVE-2020-15718
CWE-79
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVE-2020-15717
CWE-79
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
Copyright
2025
, cxsecurity.com
Back to Top
Podatności dla 'Rosariosis' 
Polish
English