Vulnerability Description
Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rosariosis | Student Information System | < 6.5.1 |
Related Weaknesses (CWE)
References
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/9cb4fec5fe177f1d3716708b4PatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/282ExploitIssue TrackingThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13278.jsonThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/9cb4fec5fe177f1d3716708b4PatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/282ExploitIssue TrackingThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13278.jsonThird Party Advisory
FAQ
What is CVE-2020-13278?
CVE-2020-13278 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML ta...
How severe is CVE-2020-13278?
CVE-2020-13278 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13278?
Check the references section above for vendor advisories and patch information. Affected products include: Rosariosis Student Information System.