rosariosis CVE Vulnerabilities & Metrics

Focus on rosariosis vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About rosariosis Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with rosariosis. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total rosariosis CVEs: 19
Earliest CVE date: 14 Jul 2020, 15:15 UTC
Latest CVE date: 12 May 2023, 01:15 UTC

Latest CVE reference: CVE-2023-2665

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical rosariosis CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.22

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range      Count
0.0-3.9    10
4.0-6.9    7
7.0-8.9    2
9.0-10.0   0

CVSS Distribution Chart

Top 5 Highest CVSS rosariosis CVEs

These are the five CVEs with the highest CVSS scores for rosariosis, sorted by severity first and then by recency.

All CVEs for rosariosis

CVE-2023-2665 rosariosis vulnerability CVSS: 0 12 May 2023, 01:15 UTC

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.

CVE-2023-29918 rosariosis vulnerability CVSS: 0 02 May 2023, 16:15 UTC

RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.

CVE-2023-2202 rosariosis vulnerability CVSS: 0 21 Apr 2023, 02:15 UTC

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.

CVE-2023-0994 rosariosis vulnerability CVSS: 0 24 Feb 2023, 02:15 UTC

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.

CVE-2022-2714 rosariosis vulnerability CVSS: 0 06 Sep 2022, 11:15 UTC

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.

CVE-2022-3072 rosariosis vulnerability CVSS: 0 01 Sep 2022, 08:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.

CVE-2022-2067 rosariosis vulnerability CVSS: 6.4 13 Jun 2022, 13:15 UTC

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.

CVE-2022-2036 rosariosis vulnerability CVSS: 3.5 09 Jun 2022, 17:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.

CVE-2022-1997 rosariosis vulnerability CVSS: 3.5 08 Jun 2022, 14:15 UTC

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.

CVE-2021-44567 rosariosis vulnerability CVSS: 7.5 24 Feb 2022, 15:15 UTC

An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.

CVE-2021-44566 rosariosis vulnerability CVSS: 3.5 24 Feb 2022, 15:15 UTC

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.

CVE-2021-44565 rosariosis vulnerability CVSS: 3.5 24 Feb 2022, 15:15 UTC

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. Examples of affected components are all Markdown input fields.

CVE-2021-45416 rosariosis vulnerability CVSS: 4.3 01 Feb 2022, 13:15 UTC

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

CVE-2021-44427 rosariosis vulnerability CVSS: 7.5 29 Nov 2021, 22:15 UTC

An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.

CVE-2020-13278 rosariosis vulnerability CVSS: 4.3 12 Aug 2020, 14:15 UTC

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding JavaScript or HTML tags in a GET request.

CVE-2020-15718 rosariosis vulnerability CVSS: 4.3 15 Jul 2020, 20:15 UTC

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.

CVE-2020-15717 rosariosis vulnerability CVSS: 4.3 15 Jul 2020, 19:15 UTC

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.

CVE-2020-15716 rosariosis vulnerability CVSS: 4.3 15 Jul 2020, 19:15 UTC

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.

CVE-2020-15721 rosariosis vulnerability CVSS: 4.3 14 Jul 2020, 15:15 UTC

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.