Vulnerability Details CVE-2021-44565
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/307
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/307
Products affected by CVE-2021-44565
-
cpe:2.3:a:rosariosis:rosariosis:-
-
cpe:2.3:a:rosariosis:rosariosis:5.0
-
cpe:2.3:a:rosariosis:rosariosis:5.0.1
-
cpe:2.3:a:rosariosis:rosariosis:5.0.2
-
cpe:2.3:a:rosariosis:rosariosis:5.0.3
-
cpe:2.3:a:rosariosis:rosariosis:5.0.4
-
cpe:2.3:a:rosariosis:rosariosis:5.0.5
-
cpe:2.3:a:rosariosis:rosariosis:5.1
-
cpe:2.3:a:rosariosis:rosariosis:5.1.1
-
cpe:2.3:a:rosariosis:rosariosis:5.2
-
cpe:2.3:a:rosariosis:rosariosis:5.3
-
cpe:2.3:a:rosariosis:rosariosis:5.3.1
-
cpe:2.3:a:rosariosis:rosariosis:5.3.2
-
cpe:2.3:a:rosariosis:rosariosis:5.3.3
-
cpe:2.3:a:rosariosis:rosariosis:5.3.4
-
cpe:2.3:a:rosariosis:rosariosis:5.4
-
cpe:2.3:a:rosariosis:rosariosis:5.4.1
-
cpe:2.3:a:rosariosis:rosariosis:5.4.2
-
cpe:2.3:a:rosariosis:rosariosis:5.4.3
-
cpe:2.3:a:rosariosis:rosariosis:5.4.4
-
cpe:2.3:a:rosariosis:rosariosis:5.4.5
-
cpe:2.3:a:rosariosis:rosariosis:5.4.6
-
cpe:2.3:a:rosariosis:rosariosis:5.4.7
-
cpe:2.3:a:rosariosis:rosariosis:5.5
-
cpe:2.3:a:rosariosis:rosariosis:5.5.1
-
cpe:2.3:a:rosariosis:rosariosis:5.5.2
-
cpe:2.3:a:rosariosis:rosariosis:5.5.3
-
cpe:2.3:a:rosariosis:rosariosis:5.5.4
-
cpe:2.3:a:rosariosis:rosariosis:5.6
-
cpe:2.3:a:rosariosis:rosariosis:5.6.1
-
cpe:2.3:a:rosariosis:rosariosis:5.6.2
-
cpe:2.3:a:rosariosis:rosariosis:5.6.3
-
cpe:2.3:a:rosariosis:rosariosis:5.6.4
-
cpe:2.3:a:rosariosis:rosariosis:5.6.5
-
cpe:2.3:a:rosariosis:rosariosis:5.7.1
-
cpe:2.3:a:rosariosis:rosariosis:5.7.2
-
cpe:2.3:a:rosariosis:rosariosis:5.7.3
-
cpe:2.3:a:rosariosis:rosariosis:5.7.4
-
cpe:2.3:a:rosariosis:rosariosis:5.7.5
-
cpe:2.3:a:rosariosis:rosariosis:5.7.6
-
cpe:2.3:a:rosariosis:rosariosis:5.7.7
-
cpe:2.3:a:rosariosis:rosariosis:5.8
-
cpe:2.3:a:rosariosis:rosariosis:5.8.1
-
cpe:2.3:a:rosariosis:rosariosis:5.9
-
cpe:2.3:a:rosariosis:rosariosis:5.9.1
-
cpe:2.3:a:rosariosis:rosariosis:5.9.2
-
cpe:2.3:a:rosariosis:rosariosis:5.9.3
-
cpe:2.3:a:rosariosis:rosariosis:5.9.4
-
cpe:2.3:a:rosariosis:rosariosis:5.9.5
-
cpe:2.3:a:rosariosis:rosariosis:5.9.6
-
cpe:2.3:a:rosariosis:rosariosis:6.0
-
cpe:2.3:a:rosariosis:rosariosis:6.1
-
cpe:2.3:a:rosariosis:rosariosis:6.2
-
cpe:2.3:a:rosariosis:rosariosis:6.2.1
-
cpe:2.3:a:rosariosis:rosariosis:6.2.2
-
cpe:2.3:a:rosariosis:rosariosis:6.2.3
-
cpe:2.3:a:rosariosis:rosariosis:6.3
-
cpe:2.3:a:rosariosis:rosariosis:6.4
-
cpe:2.3:a:rosariosis:rosariosis:6.4.1
-
cpe:2.3:a:rosariosis:rosariosis:6.4.2
-
cpe:2.3:a:rosariosis:rosariosis:6.5
-
cpe:2.3:a:rosariosis:rosariosis:6.5.1
-
cpe:2.3:a:rosariosis:rosariosis:6.5.2
-
cpe:2.3:a:rosariosis:rosariosis:6.6
-
cpe:2.3:a:rosariosis:rosariosis:6.6.1
-
cpe:2.3:a:rosariosis:rosariosis:6.7
-
cpe:2.3:a:rosariosis:rosariosis:6.7.1
-
cpe:2.3:a:rosariosis:rosariosis:6.7.2
-
cpe:2.3:a:rosariosis:rosariosis:6.8