Rosariosis: >> Rosariosis >> 5.4.1 Security Vulnerabilities
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-05-12
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
CVSS Score
4.6
EPSS Score
0.001
Published
2023-04-21
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.
CVSS Score
8.1
EPSS Score
0.007
Published
2023-02-24
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-09-06
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
CVSS Score
8.0
EPSS Score
0.002
Published
2022-09-01
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-06-13
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
CVSS Score
9.0
EPSS Score
0.004
Published
2022-06-09
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-06-08
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-02-24
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
CVSS Score
9.8
EPSS Score
0.02
Published
2022-02-24
Page 1