CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2067 – SQL Injection in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2067
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una Inyección SQL en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2036 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2036
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0.1 • https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1997 – Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-1997
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 9.0 • https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8 https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-45416
https://notcve.org/view.php?id=CVE-2021-45416
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. Una vulnerabilidad de tipo Cross-site scripting (XSS) Reflejado en RosarioSIS versión 8.2.1, permite a atacantes inyectar HTML arbitrario por medio del parámetro search_term en el script modules/Scheduling/Courses.php • https://github.com/86x/CVE-2021-45416 https://github.com/dnr6419/CVE-2021-45416 http://rosariosis.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •