Known Vulnerabilities for products from Rosariosis

Listed below are 19 of the newest known vulnerabilities associated with the vendor "Rosariosis".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-29918 json RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. 5.4 - MEDIUM 2023-05-02 2023-05-09
CVE-2023-2665 json Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0... 7.5 - HIGH 2023-05-12 2023-05-19
CVE-2023-2202 json Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. 6.5 - MEDIUM 2023-04-21 2023-05-02
CVE-2023-0994 json Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. 7.5 - HIGH 2023-02-24 2023-04-26
CVE-2022-3072 json Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. 5.4 - MEDIUM 2022-09-01 2022-09-02
CVE-2022-2714 json Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. 9.8 - CRITICAL 2022-09-06 2022-09-13
CVE-2022-2067 json SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. 9.1 - CRITICAL 2022-06-13 2022-06-21
CVE-2022-2036 json Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. 5.4 - MEDIUM 2022-06-09 2022-06-15
CVE-2022-1997 json Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. 5.4 - MEDIUM 2022-06-08 2022-06-14
CVE-2021-45416 json Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the sear... 6.1 - MEDIUM 2022-02-01 2022-02-04
CVE-2021-44567 json An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/... 9.8 - CRITICAL 2022-02-24 2022-03-03
CVE-2021-44566 json A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFuncti... 5.4 - MEDIUM 2022-02-24 2022-03-03
CVE-2021-44565 json A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.p... 5.4 - MEDIUM 2022-02-24 2022-03-03
CVE-2021-44427 json An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows rem... 9.8 - CRITICAL 2021-11-29 2021-11-30
CVE-2020-15721 json RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php an... 6.1 - MEDIUM 2020-07-14 2020-07-22
CVE-2020-15718 json RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script.... 6.1 - MEDIUM 2020-07-15 2020-07-22
CVE-2020-15717 json RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A r... 6.1 - MEDIUM 2020-07-15 2020-07-22
CVE-2020-15716 json RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A ... 6.1 - MEDIUM 2020-07-15 2020-07-22
CVE-2020-13278 json Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote at... 6.1 - MEDIUM 2020-08-12 2020-08-17

Known software with vulnerabilities from Rosariosis

Type Vendor Product Version
ApplicationRosariosisRosariosis-
ApplicationRosariosisStudent Information System1.2