Cross-site Scripting (XSS) - Reflected in francoisjacquet/rosariosis


Reported on

May 21st 2022


I found reflected XSS in the search function.

Proof of Concept

1. Log in with an admin or teacher account

2. Access this URL:;alert(1);//%27&discipline_entry_end=2022-05-21&modname=Discipline/Referrals.php&search_modfunc=list -> The script will be reflected in the onclick and onkeypress events.

3. When the victim tries to type anything in the search input field or clicks on the search icon -> An alert box will pop up


  • XSS trigger


  • Script Reflected in some event



This vulnerability is capable of Cross-Site Scripting
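An added example, not part of the original report and not RosarioSIS code, showing the pattern the report describes (request data reflected into an event-handler attribute) next to a hardened form that encodes for both nested contexts. It assumes the value lands inside a single-quoted JavaScript string; the function names, `example_param` and `search.png` are hypothetical.

```php
<?php
// Added example, not RosarioSIS code; all names here are hypothetical.

// Vulnerable pattern: request data concatenated into a single-quoted
// JavaScript string that itself sits inside an HTML event-handler attribute.
function searchIconUnsafe(array $request): string
{
    $url = '?modname=' . $request['modname'] . '&example_param=' . $request['example_param'];
    return '<img src="search.png" onclick="location.href=\'' . $url . '\';">';
}

// Encode for the inner context first (JS string literal), then for the
// outer one (HTML attribute value). json_encode() supplies the quotes.
function jsStringInAttr(string $value): string
{
    $js = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_THROW_ON_ERROR
    );
    return htmlspecialchars($js, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function searchIconSafe(array $request): string
{
    // Percent-encode each value when rebuilding the query string.
    $url = '?' . http_build_query([
        'modname'       => $request['modname'],
        'example_param' => $request['example_param'],
    ], '', '&', PHP_QUERY_RFC3986);
    return '<img src="search.png" onclick="location.href=' . jsStringInAttr($url) . ';">';
}

// Constructed sample request; the value contains a single quote like the
// payload in the report, as PHP would see it after URL-decoding.
$request = [
    'modname'       => 'Discipline/Referrals.php',
    'example_param' => "';alert(1);//'",
];

echo searchIconUnsafe($request), PHP_EOL; // quote closes the JS string early
echo searchIconSafe($request), PHP_EOL;   // value stays inside the string literal
echo jsStringInAttr($request['example_param']), PHP_EOL; // encoder on the raw value
```

`htmlspecialchars()` alone is not sufficient in this position, because the browser decodes `&#039;` back to a quote before the handler is parsed as JavaScript.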

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. 2 years ago
A GitHub Issue asking the maintainers to create a exists 2 years ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back 2 years ago
François Jacquet validated this vulnerability 2 years ago
dungtuanha has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet marked this as fixed in 9.0 with commit bfe6e0 2 years ago
François Jacquet has been awarded the fix bounty
This vulnerability will not receive a CVE