RosariosisCVEs & Vulnerabilities

19 CVEs affecting Rosariosis products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

rosariosis 19student information system 1
CVE-2021-44427KEVCRITICALin the wild

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.

11 Apr 2026
9.8
CVSS
CVE-2023-2665HIGH

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.

12 May 2023
7.5
CVSS
CVE-2023-29918MEDIUMpoc

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.

2 May 2023
5.4
CVSS
CVE-2023-2202MEDIUM

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.

21 Apr 2023
6.5
CVSS
CVE-2023-0994HIGH

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.

24 Feb 2023
7.5
CVSS
CVE-2022-2714CRITICAL

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.

6 Sep 2022
9.8
CVSS
CVE-2022-3072MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.

1 Sep 2022
5.4
CVSS
CVE-2022-2067CRITICAL

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.

13 Jun 2022
9.1
CVSS
CVE-2022-2036MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.

9 Jun 2022
5.4
CVSS
CVE-2022-1997MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.

8 Jun 2022
5.4
CVSS
CVE-2021-44567CRITICALpoc

An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.

24 Feb 2022
9.8
CVSS
CVE-2021-44566MEDIUM

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.

24 Feb 2022
5.4
CVSS
CVE-2021-44565MEDIUM

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.

24 Feb 2022
5.4
CVSS
CVE-2021-45416MEDIUM

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

1 Feb 2022
6.1
CVSS
CVE-2020-13278MEDIUM

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.

12 Aug 2020
6.1
CVSS
CVE-2020-15718MEDIUMpoc

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.

15 Jul 2020
6.1
CVSS
CVE-2020-15717MEDIUM

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.

15 Jul 2020
6.1
CVSS
CVE-2020-15716MEDIUMpoc

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.

15 Jul 2020
6.1
CVSS
CVE-2020-15721MEDIUM

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.

14 Jul 2020
6.1
CVSS
← PrevPage 1 / 1Next →