Описание
Cross site scripting in francoisjacquet/rosariosis
A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JaveScript of HTML.An example of affected components are all Markdown input fields.
Пакеты
Наименование
francoisjacquet/rosariosis
composer
Затронутые версииВерсия исправления
< 7.6.1
7.6.1
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.