francoisjacquet/rosariosis

Packagist17 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting francoisjacquet/rosariosispage 1 of 1

CVE-2020-13278MEDIUMCVSS 6.1EG 6.1✓ Fixed in 6.5.1
2020-08-12
vulnerable: v5.0 ... v6.5 (79 versions)
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
CVE-2020-15721MEDIUMCVSS 6.1EG 6.1✓ Fixed in 6.8
2020-07-14
vulnerable: v5.0 ... v6.8-beta (87 versions)
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
CVE-2021-44427CRITICALCVSS 9.8EG 9.8✓ Fixed in 8.1.1
2021-11-29
vulnerable: v5.0 ... v8.1 (133 versions)
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via th…
CVE-2021-44565MEDIUMCVSS 5.4EG 5.4✓ Fixed in 7.6.1
2022-02-24
vulnerable: v5.0 ... v7.6 (116 versions)
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components …
CVE-2021-44566MEDIUMCVSS 5.4EG 5.4✓ Fixed in 4.3
2022-02-24
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
CVE-2021-44567CRITICALCVSS 9.8EG 9.8✓ Fixed in 7.6.1
2022-02-24
vulnerable: v5.0 ... v7.6 (116 versions)
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
CVE-2021-45416MEDIUMCVSS 6.1EG 6.1✓ Fixed in 8.3
2022-02-01
vulnerable: v5.0 ... v8.2.1 (136 versions)
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
CVE-2022-1997MEDIUMCVSS 5.4EG 5.4✓ Fixed in 9.0
2022-06-08
vulnerable: v5.0 ... v8.9.6 (153 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVE-2022-2036MEDIUMCVSS 5.4EG 5.4✓ Fixed in 9.1
2022-06-09
vulnerable: v5.0 ... v9.0 (154 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
CVE-2022-2067CRITICALCVSS 9.1EG 9.1✓ Fixed in 9.0
2022-06-13
vulnerable: v5.0 ... v8.9.6 (153 versions)
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVE-2022-2714CRITICALCVSS 9.8EG 9.8✓ Fixed in 10.1
2022-09-06
vulnerable: v5.0 ... v9.3.2 (160 versions)
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVE-2022-3072MEDIUMCVSS 5.4EG 5.4✓ Fixed in 8.9.3
2022-09-01
vulnerable: v5.0 ... v8.9.2 (149 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
CVE-2023-0994HIGHCVSS 7.5EG 7.5✓ Fixed in 10.8.2
2023-02-24
vulnerable: v10.1 ... v9.3.2 (185 versions)
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
CVE-2023-2202MEDIUMCVSS 6.5EG 6.5✓ Fixed in 10.9.3
2023-04-21
vulnerable: v10.1 ... v9.3.2 (192 versions)
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
CVE-2023-2665HIGHCVSS 7.5EG 7.5✓ Fixed in 11.0
2023-05-12
vulnerable: v10.1 ... v9.3.2 (198 versions)
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
CVE-2023-29918MEDIUMCVSS 5.4EG 5.4
2023-05-02
vulnerable: v10.1 ... v9.3.2 (188 versions)
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
CVE-2024-3138LOWCVSS 3.5EG 3.5
2024-04-01
vulnerable: v10.1 ... v9.3.2 (218 versions)
** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. T…

Check whether francoisjacquet/rosariosis is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for francoisjacquet/rosariosis CVEs against the assets you own.

Start Free Scan →