CVE-2021-44565
on gitlab
Published
Severity
CVSS v3:
5.4 MEDIUM
CVSS v2:
3.5 LOW
Description
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:rosariosis:rosariosis:*:*:*:*:*:*:*:* | n/a | 7.6.1 | * |