CVE-2021-45416

描述

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

受影響套件(1)

• Packagist/francoisjacquet/rosariosisfrom 0, < 8.3

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-45416
• WEBhttp://rosariosis.com
• WEBhttps://github.com/86x/CVE-2021-45416
• WEBhttps://gitlab.com/francoisjacquet/rosariosis/-/commit/aec018065ca12ecef03ee454a8112f992ea35315
• WEBhttps://www.youtube.com/watch?v=PvFUxSGpWpY