CVE-2024-3138Cross-site Scripting in Rosariosis

CWE-79Cross-site Scripting5 documents4 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 62.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Francoisjacquet Rosariosis
Timeline
PublishedApr 1
Latest updateApr 2

Description

** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

Packagistfrancoisjacquet/rosariosis11.5.1
CVEListV5francoisjacquet/rosariosis11.5.1

🔴Vulnerability Details

2
GHSA
RosarioSIS cross site scripting vulnerability2024-04-02
OSV
RosarioSIS cross site scripting vulnerability2024-04-02

💬Community

1
Bugzilla
CVE-2023-52580 kernel: net/core: kernel crash in ETH_P_1588 flow dissector2024-03-04