CVE-2021-45416

EPSS 23.1%

RosarioSIS XSS Vulnerability

Published: 2/2/2022Modified: 12/5/2024

Description

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

Affected packages (1)

Packagist/francoisjacquet/rosariosisfrom 0, < 8.3

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-45416
WEBhttp://rosariosis.com
WEBhttps://github.com/86x/CVE-2021-45416
WEBhttps://gitlab.com/francoisjacquet/rosariosis/-/commit/aec018065ca12ecef03ee454a8112f992ea35315
WEBhttps://www.youtube.com/watch?v=PvFUxSGpWpY