CVE-2020-15718

francoisjacquet/rosariosis
on gitlab

Published

Severity

CVSS v3:
6.1 MEDIUM
CVSS v2:
4.3 MEDIUM

Description

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:rosariosis:rosariosis:6.7.2:*:*:*:*:*:*:*n/an/a6.7.2

External Links