Aggregates CVE and security vulnerability intelligence across all rosariosis-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting, vendor risk sql injection, and vendor risk path handling; exposure may include vendor impact data exposure in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-2665 | Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | [email protected] | 7.5 | 0.61% | 2023-05-11 | 2026-06-17 |
| CVE-2023-29918 | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | [email protected] | 5.4 | 2.17% | 2023-05-02 | 2026-06-17 |
| CVE-2023-2202 | Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | [email protected] | 6.5 | 0.54% | 2023-04-20 | 2026-06-17 |
| CVE-2023-0994 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. | [email protected] | 7.5 | 1.03% | 2023-02-23 | 2026-06-17 |
| CVE-2022-2714 | Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. | [email protected] | 9.8 | 0.72% | 2022-09-06 | 2026-06-17 |
| CVE-2022-3072 | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | [email protected] | 5.4 | 0.74% | 2022-09-01 | 2026-06-17 |
| CVE-2022-2067 | SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | [email protected] | 9.1 | 1.83% | 2022-06-13 | 2026-06-17 |
| CVE-2022-2036 | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | [email protected] | 5.4 | 0.83% | 2022-06-09 | 2026-06-17 |
| CVE-2022-1997 | Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. | [email protected] | 5.4 | 0.63% | 2022-06-08 | 2026-06-17 |
| CVE-2021-44567 | An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | [email protected] | 9.8 | 23.67% | 2022-02-24 | 2026-06-17 |
| CVE-2021-44566 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | [email protected] | 5.4 | 0.70% | 2022-02-24 | 2026-06-17 |
| CVE-2021-44565 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields. | [email protected] | 5.4 | 0.72% | 2022-02-24 | 2026-06-17 |
| CVE-2021-45416 | Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | [email protected] | 6.1 | 3.00% | 2022-02-01 | 2026-06-17 |
| CVE-2021-44427 | An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. | [email protected] | 9.8 | 50.64% | 2021-11-29 | 2026-06-17 |
| CVE-2020-13278 | Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | [email protected] | 6.1 | 1.43% | 2020-08-12 | 2026-06-16 |
| CVE-2020-15718 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL. | [email protected] | 6.1 | 6.33% | 2020-07-15 | 2026-06-16 |
| CVE-2020-15717 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL. | [email protected] | 6.1 | 1.51% | 2020-07-15 | 2026-06-16 |
| CVE-2020-15716 | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL. | [email protected] | 6.1 | 5.56% | 2020-07-15 | 2026-06-16 |
| CVE-2020-15721 | RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. | [email protected] | 6.1 | 1.47% | 2020-07-14 | 2026-06-16 |