CVE-2021-44565

Name of the Vulnerable Software and Affected Versions RosarioSIS versions prior to 7.6.1

Description A Cross Site Scripting (XSS) issue exists, allowing remote malicious users to inject arbitrary JavaScript or HTML via the xss clean function in classes/Security.php. Affected components include all Markdown input fields.

Recommendations For versions prior to 7.6.1, update to version 7.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to Markdown input fields until the update is applied.