CVE-2021-44566

Опубликовано: 24 фев. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.

Ссылки

https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43
Release Notes
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa
Patch
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/issues/259
Exploit
Issue Tracking
Patch
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES_V3_4.md#changes-in-43
Release Notes
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/commit/81886abb45a32e802151660de674f084afaef3aa
Patch
Third Party Advisory
https://gitlab.com/francoisjacquet/rosariosis/-/issues/259
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rosariosis:rosariosis:*:*:*:*:*:*:*:*

Версия до 4.3 (исключая)

EPSS

Процентиль: 49%

0.00263

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3756-hwhv-qw58