CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2067 – SQL Injection in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una Inyección SQL en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2036 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0.1 • https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1997 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-1997
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8 https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44567
https://notcve.org/view.php?id=CVE-2021-44567
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. Se presenta una vulnerabilidad de inyección SQL en RosarioSIS versiones anteriores a 7.6.1, por medio del parámetro votes en el archivo ProgramFunctions/PortalPollsNotes.fnc.php • https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761 https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016 https://gitlab.com/francoisjacquet/rosariosis/-/issues/308 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44565
https://notcve.org/view.php?id=CVE-2021-44565
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en RosarioSIS versiones anteriores a 7.6.1, por medio de la función xss_clean en el archivo classes/Security.php, que permite a usuarios remotos maliciosos inyectar JaveScript arbitrario de HTML.Un ejemplo de los componentes afectados son todos los campos de entrada de Markdown • https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761 https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636 https://gitlab.com/francoisjacquet/rosariosis/-/issues/307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •