CVE-2020-15718 Information
Feb 14, 2021
cve
Description
RosarioSIS 6.7.2 is vulnerable to XSS caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/184944 https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a https://gitlab.com/francoisjacquet/rosariosis/-/issues/291 https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: