CVE-2020-13278 — Cross-site Scripting in Student Information System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 28.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rosariosis Student Information System Francoisjacquet Rosariosis Rosariosis

Timeline

PublishedAug 12

Latest updateMay 6

Description

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDrosariosis/student_information_system< 6.5.1

▶Packagistfrancoisjacquet/rosariosis< 6.5.1

▶CVEListV5rosariosis/rosariosis=6.5.1

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

Reflected cross-site scripting in francoisjacquet/rosariosis↗2021-05-06

▶

GHSA

Reflected cross-site scripting in francoisjacquet/rosariosis↗2021-05-06

▶