Skip to content

Latest commit

 

History

History
36 lines (28 loc) · 2.17 KB

README.md

File metadata and controls

36 lines (28 loc) · 2.17 KB

CVE-2021-45416

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

  • Vendor: francoisjacquet
  • Vendor Website: https://www.rosariosis.org/
  • Affected Product: RosarioSIS
  • Affected Versions: v8.2.1, however it is assumed earlier versions might be affected as well

Instructions to reproduce:

Cause

User-supplied input in the search_term parameter is improperly neutralized in the modules/Scheduling/Courses.php script, which is accessible through ChooseCourse.php and ChooseRequest.php as shown in the proof of concept that you can find in this repo.

Solution

Update to the latest version of RosarioSIS. This issue was fixed in version v8.3.

References


History (in the format dd.mm.yyyy)

  • 01.02.2022 - CVE published by MITRE
  • 27.01.2022 - CVE was assigned and marked as reserved
  • 17.12.2021 - Requested CVE through MITRE webform
  • 22.10.2021 - Vendor released new version containing the fix (v8.3)
  • 20.10.2021 - Received reply from vendor, along with a link to a new commit fixing the issue and the announcement that a new release containing the fix will follow in the same week. Vendor asked me to wait two months after that release before public disclosure.
  • 20.10.2021 - Initial report to vendor
  • 20.10.2021 - Finding of vulnerability