CVE-2021-44565
Published 2022-02-24
Priority P4 (22) · medium 5.4 · CVSS 3.1 · AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS 0.72% (49.2nd percentile)
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. Examples of affected components are all Markdown input fields.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francoisjacquet | rosariosis | >= 0 < 7.6.1 | 7.6.1 |
| rosariosis | rosariosis | < 7.6.1 | 7.6.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
OSV
Cross site scripting in francoisjacquet/rosariosis (osv, 2022-02-25)
CVE-2021-44565 [MEDIUM]
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. Examples of affected components are all Markdown input fields.
GHSA
Cross site scripting in francoisjacquet/rosariosis (ghsa, 2022-02-25)
CVE-2021-44565 [MEDIUM] CWE-79
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. Examples of affected components are all Markdown input fields.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761
https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636
https://gitlab.com/francoisjacquet/rosariosis/-/issues/307