Show filters
19 Total Results
Displaying 1-10 of 19
Sort by:
Attacker Value
Unknown

CVE-2023-2665

Disclosure Date: May 12, 2023 (last updated October 08, 2023)
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-29918

Disclosure Date: May 02, 2023 (last updated October 08, 2023)
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-2202

Disclosure Date: April 21, 2023 (last updated October 08, 2023)
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-0994

Disclosure Date: February 24, 2023 (last updated October 08, 2023)
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2714

Disclosure Date: September 06, 2022 (last updated February 24, 2025)
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-3072

Disclosure Date: September 01, 2022 (last updated February 24, 2025)
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-2067

Disclosure Date: June 13, 2022 (last updated February 23, 2025)
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2036

Disclosure Date: June 09, 2022 (last updated February 23, 2025)
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-1997

Disclosure Date: June 08, 2022 (last updated February 23, 2025)
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-44567

Disclosure Date: February 24, 2022 (last updated February 23, 2025)
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >