Moderate severityNVD Advisory· Published Feb 22, 2022· Updated Aug 4, 2024
CVE-2021-44565
CVE-2021-44565
Description
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
francoisjacquet/rosariosisPackagist | < 7.6.1 | 7.6.1 |
Affected products
2- RosarioSIS/RosarioSISdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-44cg-qcpr-fwjhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-44565ghsaADVISORY
- gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.mdghsax_refsource_MISCWEB
- gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636ghsax_refsource_MISCWEB
- gitlab.com/francoisjacquet/rosariosis/-/issues/307ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.