Giters

86x / CVE-2021-45416

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2021-45416

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

  • Vendor: francoisjacquet
  • Vendor Website: https://www.rosariosis.org/
  • Affected Product: RosarioSIS
  • Affected Versions: v8.2.1, however it is assumed earlier versions might be affected as well

Instructions to reproduce:

Cause

User-supplied input in the search_term parameter is improperly neutralized in the modules/Scheduling/Courses.php script, which is accessible through ChooseCourse.php and ChooseRequest.php as shown in the proof of concept that you can find in this repo.

Solution

Update to the latest version of RosarioSIS. This issue was fixed in version v8.3.

References

History (in the format dd.mm.yyyy)

  • 01.02.2022 - CVE published by MITRE
  • 27.01.2022 - CVE was assigned and marked as reserved
  • 17.12.2021 - Requested CVE through MITRE webform
  • 22.10.2021 - Vendor released new version containing the fix (v8.3)
  • 20.10.2021 - Received reply from vendor, along with a link to a new commit fixing the issue and the announcement that a new release containing the fix will follow in the same week. Vendor asked me to wait two months after that release before public disclosure.
  • 20.10.2021 - Initial report to vendor
  • 20.10.2021 - Finding of vulnerability

About

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

Languages

Language:HTML 100.0%