exploitDog

CVE-2020-15721

Опубликовано: 14 июл. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.

Ссылки

https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md
Release Notes
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/c4a694860b50c4aa5c67d6568f7d0613fef1a30d
Patch
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/issues/291
Broken Link
https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md
Release Notes
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/c4a694860b50c4aa5c67d6568f7d0613fef1a30d
Patch
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/issues/291
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rosariosis:rosariosis:*:*:*:*:*:*:*:*

Версия до 6.7.2 (включая)

cpe:2.3:a:rosariosis:rosariosis:6.8:-:*:*:*:*:*:*

cpe:2.3:a:rosariosis:rosariosis:6.8:beta:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00432

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-6vc5-v7hw-h5h2

CVSS3: 6.1

github

почти 4 года назад

Cross-site Scripting in RosarioSIS

EPSS

Процентиль: 62%

0.00432

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79