CVE-2021-45416
RosarioSIS XSS Vulnerability
EPSS 23.1%
Description
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
How to fix CVE-2021-45416
To remediate CVE-2021-45416, upgrade the affected package to the fixed version listed below.
- Packagist/francoisjacquet/rosariosis—upgrade to 8.3 or later
Is CVE-2021-45416 being exploited?
Moderate: EPSS is 23.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Packagist/francoisjacquet/rosariosis: from 0, < 8.3