GHSA-287r-574x-f4h4

Source

https://github.com/advisories/GHSA-287r-574x-f4h4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-287r-574x-f4h4/GHSA-287r-574x-f4h4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-287r-574x-f4h4

Aliases

CVE-2021-45416

Published

2022-02-02T00:01:46Z

Modified

2024-12-05T05:41:22.831649Z

Summary

RosarioSIS XSS Vulnerability

Details

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

Database specific

{
    "nvd_published_at": "2022-02-01T13:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-12T00:23:24Z"
}

References

Affected packages

Packagist / francoisjacquet/rosariosis

Package

Name: francoisjacquet/rosariosis
Purl: pkg:composer/francoisjacquet/rosariosis

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.3

Affected versions

v5.*

v5.0-beta3

v5.0-beta4

v5.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.1-beta

v5.1

v5.1.1

v5.2-beta

v5.2

v5.3-beta

v5.3

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.4-beta

v5.4

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.4.5

v5.4.6

v5.4.7

v5.5-beta

v5.5-beta2

v5.5-beta3

v5.5

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6-beta

v5.6

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.7

v5.7.1

v5.7.2

v5.7.3

v5.7.4

v5.7.5

v5.7.6

v5.7.7

v5.8-beta

v5.8-beta2

v5.8-beta3

v5.8-beta4

v5.8-beta5

v5.8

v5.8.1

v5.9-beta2

v5.9-beta3

v5.9

v5.9.1

v5.9.2

v5.9.3

v5.9.4

v5.9.5

v5.9.6

v6.*

v6.0-beta

v6.0

v6.1

v6.2

v6.2.1

v6.2.2

v6.2.3

v6.3

v6.4

v6.4.1

v6.4.2

v6.5

v6.5.1

v6.5.2

v6.6

v6.6.1

v6.7

v6.7.1

v6.7.2

v6.8-beta

v6.8

v6.8.1

v6.9-beta

v6.9

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v7.*

v7.0-beta

v7.0

v7.0.1

v7.0.2

v7.0.3

v7.0.4

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.2

v7.2.1

v7.2.2

v7.2.3

v7.2.4

v7.3

v7.3.1

v7.4

v7.5

v7.6

v7.6.1

v7.7

v7.8

v7.8.1

v7.8.2

v7.8.3

v7.8.4

v7.9

v7.9.1

v7.9.2

v7.9.3

v8.*

v8.0

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.1

v8.1.1

v8.2

v8.2.1

Database specific

{
    "last_known_affected_version_range": "<= 8.2.1"
}