github - ghsa-44cg-qcpr-fwjh

ghsa-44cg-qcpr-fwjh

Vulnerability from github

Published

2022-02-25 00:01

Modified

2022-03-04 21:38

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Cross site scripting in francoisjacquet/rosariosis

Details

A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JaveScript of HTML.An example of affected components are all Markdown input fields.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "francoisjacquet/rosariosis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-44565"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-01T20:47:39Z",
    "nvd_published_at": "2022-02-24T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Cross Site Scripting (XSS) vulnerabilty exits in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JaveScript of HTML.An example of affected components are all Markdown input fields.",
  "id": "GHSA-44cg-qcpr-fwjh",
  "modified": "2022-03-04T21:38:29Z",
  "published": "2022-02-25T00:01:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44565"
    },
    {
      "type": "PACKAGE",
      "url": "https://gitlab.com/francoisjacquet/rosariosis"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/307"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross site scripting in francoisjacquet/rosariosis"
}

CVE-2021-44565 (GCVE-0-2021-44565)

Vulnerability from cvelistv5

Published

2022-02-22 19:58

Modified

2024-08-04 04:25

Severity ?

CWE

Summary

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.

References

►

URL

Tags

	https://gitlab.com/francoisjacquet/rosariosis/-/issues/307	x_refsource_MISC
	https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636	x_refsource_MISC
	https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website