GHSA-r32g-w9cv-9fgc

Source
https://github.com/advisories/GHSA-r32g-w9cv-9fgc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-r32g-w9cv-9fgc/GHSA-r32g-w9cv-9fgc.json
Aliases
  • CVE-2024-3138
Published
2024-04-02T00:30:46Z
Modified
2024-04-02T18:41:43.971788Z
Details

* DISPUTED * A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. The issue affects unknown processing in the Add Portal Note component. The manipulation leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still in doubt. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.

Affected packages

Packagist / francoisjacquet/rosariosis

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Last affected
11.5.1

Affected versions

v5.*

v5.0-beta3
v5.0-beta4
v5.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.1-beta
v5.1
v5.1.1
v5.2-beta
v5.2
v5.3-beta
v5.3
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.4-beta
v5.4
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.5-beta
v5.5-beta2
v5.5-beta3
v5.5
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6-beta
v5.6
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.7
v5.7.1
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.7.7
v5.8-beta
v5.8-beta2
v5.8-beta3
v5.8-beta4
v5.8-beta5
v5.8
v5.8.1
v5.9-beta2
v5.9-beta3
v5.9
v5.9.1
v5.9.2
v5.9.3
v5.9.4
v5.9.5
v5.9.6

v6.*

v6.0-beta
v6.0
v6.1
v6.2
v6.2.1
v6.2.2
v6.2.3
v6.3
v6.4
v6.4.1
v6.4.2
v6.5
v6.5.1
v6.5.2
v6.6
v6.6.1
v6.7
v6.7.1
v6.7.2
v6.8-beta
v6.8
v6.8.1
v6.9-beta
v6.9
v6.9.1
v6.9.2
v6.9.3
v6.9.4

v7.*

v7.0-beta
v7.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.2
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.3
v7.3.1
v7.4
v7.5
v7.6
v7.6.1
v7.7
v7.8
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.9
v7.9.1
v7.9.2
v7.9.3

v8.*

v8.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1
v8.1.1
v8.2
v8.2.1
v8.3
v8.3.1
v8.4
v8.5
v8.5.1
v8.5.2
v8.6
v8.6.1
v8.7
v8.8
v8.9
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v8.9.5
v8.9.6

v9.*

v9.0
v9.1
v9.1.1
v9.2.2
v9.3
v9.3.1
v9.3.2

v10.*

v10.1
v10.2
v10.2.1
v10.2.2
v10.2.3
v10.3
v10.3.1
v10.3.2
v10.3.3
v10.4
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.5
v10.5.1
v10.5.2
v10.6
v10.6.1
v10.6.2
v10.6.3
v10.7
v10.7.1
v10.8
v10.8.1
v10.8.2
v10.8.3
v10.8.4
v10.8.5
v10.9
v10.9.1
v10.9.2
v10.9.3
v10.9.4
v10.9.5
v10.9.6
v10.9.7
v10.9.8

v11.*

v11.0
v11.0.1
v11.0.2
v11.1
v11.1.1
v11.1.2
v11.2
v11.2.1
v11.2.2
v11.2.3
v11.2.4
v11.3
v11.3.1
v11.3.2
v11.3.3
v11.4
v11.4.1
v11.4.2
v11.4.3
v11.4.4