Known Vulnerabilities for products from Rosariosis

Listed below are 19 of the newest known vulnerabilities associated with the vendor "Rosariosis".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-29918 | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 5.4 - MEDIUM | 2023-05-02 | 2023-05-09 |
| CVE-2023-2665 | Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0... | 7.5 - HIGH | 2023-05-12 | 2023-05-19 |
| CVE-2023-2202 | Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 6.5 - MEDIUM | 2023-04-21 | 2023-05-02 |
| CVE-2023-0994 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | 7.5 - HIGH | 2023-02-24 | 2023-04-26 |
| CVE-2022-3072 | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | 5.4 - MEDIUM | 2022-09-01 | 2022-09-02 |
| CVE-2022-2714 | Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. | 9.8 - CRITICAL | 2022-09-06 | 2022-09-13 |
| CVE-2022-2067 | SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 9.1 - CRITICAL | 2022-06-13 | 2022-06-21 |
| CVE-2022-2036 | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | 5.4 - MEDIUM | 2022-06-09 | 2022-06-15 |
| CVE-2022-1997 | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | 5.4 - MEDIUM | 2022-06-08 | 2022-06-14 |
| CVE-2021-45416 | Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the sear... | Not Provided | 2022-02-01 | 2026-07-05 |
| CVE-2021-44567 | An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/... | 9.8 - CRITICAL | 2022-02-24 | 2022-03-03 |
| CVE-2021-44566 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFuncti... | 5.4 - MEDIUM | 2022-02-24 | 2022-03-03 |
| CVE-2021-44565 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.p... | 5.4 - MEDIUM | 2022-02-24 | 2022-03-03 |
| CVE-2021-44427 | An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows rem... | 9.8 - CRITICAL | 2021-11-29 | 2021-11-30 |
| CVE-2020-15721 | RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php an... | 6.1 - MEDIUM | 2020-07-14 | 2020-07-22 |
| CVE-2020-15718 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script.... | 6.1 - MEDIUM | 2020-07-15 | 2020-07-22 |
| CVE-2020-15717 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A r... | 6.1 - MEDIUM | 2020-07-15 | 2020-07-22 |
| CVE-2020-15716 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A ... | 6.1 - MEDIUM | 2020-07-15 | 2020-07-22 |
| CVE-2020-13278 | Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote at... | 6.1 - MEDIUM | 2020-08-12 | 2020-08-17 |

Known software with vulnerabilities from Rosariosis

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rosariosis | Rosariosis | - |
| Application | Rosariosis | Student Information System | 1.2 |
© CVE.report 2026