Vulnerability Details CVE-2021-44566
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/259
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/259
Products affected by CVE-2021-44566
-
cpe:2.3:a:rosariosis:rosariosis:-