Vulnerability Description
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rosariosis | Rosariosis | < 7.6.1 |
Related Weaknesses (CWE)
References
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-iRelease NotesThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f1PatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/307ExploitIssue TrackingThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-iRelease NotesThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f1PatchThird Party Advisory
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/307ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2021-44565?
CVE-2021-44565 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or H...
How severe is CVE-2021-44565?
CVE-2021-44565 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-44565?
Check the references section above for vendor advisories and patch information. Affected products include: Rosariosis Rosariosis.