PT-2022-12347 · Unknown · Rosariosis

Published: 2022-02-01 · Updated: 2022-02-04 · CVE-2021-45416

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

RosarioSIS version 8.2.1

Description

A reflected cross-site scripting (XSS) issue allows attackers to inject arbitrary HTML via the search term parameter in the "modules/Scheduling/Courses.php" script.

Recommendations

For RosarioSIS version 8.2.1, avoid using the search term parameter in the affected script until the issue is resolved. Consider restricting access to the modules/Scheduling/Courses.php script to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-45416
GHSA-287R-574X-F4H4

Affected Products

Rosariosis