CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2067 – SQL Injection in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una Inyección SQL en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2036 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0.1 • https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1997 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-1997
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8 https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44567
https://notcve.org/view.php?id=CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. Se presenta una vulnerabilidad de inyección SQL en RosarioSIS versiones anteriores a 7.6.1, por medio del parámetro votes en el archivo ProgramFunctions/PortalPollsNotes.fnc.php • https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761 https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016 https://gitlab.com/francoisjacquet/rosariosis/-/issues/308 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44566
https://notcve.org/view.php?id=CVE-2021-44566
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en RosarioSIS versiones anteriores a 4.3, por medio de la función SanitizeMarkDown en el archivo ProgramFunctions/MarkDownHTML.fnc.php • https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43 https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa https://gitlab.com/francoisjacquet/rosariosis/-/issues/259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •