ByteOS Network

RosarioSIS

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-3138

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-3.5||LOW

EPSS-0.17% / 38.00%

7 Day CHG~0.00%

Published-01 Apr, 2024 | 22:00

Updated-23 Aug, 2024 | 17:13

francoisjacquet RosarioSIS Add Portal Note cross site scripting

** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.

Vendor-francoisjacquet rosariosis

Product-RosarioSIS rosariosis

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-13278

Assigner-GitLab Inc.

View Details

Assigner-GitLab Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.47% / 63.67%

7 Day CHG~0.00%

Published-12 Aug, 2020 | 14:01

Updated-04 Aug, 2024 | 12:11

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.

Vendor-rosariosis RosarioSIS

Product-student_information_system RosarioSIS

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')