CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3072 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-3072
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio GitHub francoisjacquet/rosariosis versiones anteriores a 8.9.3 • https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2067 – SQL Injection in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una Inyección SQL en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2036 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0.1 • https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1997 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-1997
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8 https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44567
https://notcve.org/view.php?id=CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. Se presenta una vulnerabilidad de inyección SQL en RosarioSIS versiones anteriores a 7.6.1, por medio del parámetro votes en el archivo ProgramFunctions/PortalPollsNotes.fnc.php • https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761 https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016 https://gitlab.com/francoisjacquet/rosariosis/-/issues/308 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •