repository icon
francoisjacquet / rosariosis Project repository

RosarioSIS Student Information System for school management.

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN16 DAYS

FIX

WITHIN17 DAYS

Server-Side Request Forgery (SSRF) Vulnerability Enabling Proxy Behavior
jsnv-dev
pending
RosarioSIS Server-Side Request Forgery (SSRF)
jsnv-dev
informative
Critical
RosarioSIS Cross-Site Request Forgery (CSRF)
jsnv-dev
self closed
Attached files under salaries module can be harvested by unauthenticated users
b1tch3s
High
CVE-2023-2665
Browser back attack vulnerability
b1tch3s
Medium
CVE-2023-2202
Parameter Pollution in `reason` parameter
test13372
pending
Broken Access Control
jeffreygaor
High
CVE-2023-0994
Arbitrary File Upload Lead to Cross-Site Scripting Stored
jeffreygaor
not applicable
Improper Exception Handling of Integer Input Validation Discloses MySQL DB Attri...
ahmad0x1
duplicate
High
No Rate Limit when creating Objects (ex: Assignments)
ahmad0x1
informative
High
Bypass filter - Stored XSS in Resources
domiee13
Critical
$10CVE-2022-2036
Bypass filter - Stored XSS in Resources
domiee13
duplicate
High
Bypass filter - Stored XSS in Resources
domiee13
High
$5CVE-2022-1997
Stored XSS in Resources
domiee13
High
$5
HTML Injection stored on Portal Notes
nilabhrajpoot
self closed
Student price field accepts negative price
domiee13
informative
Low
Cross-site Scripting (XSS) - Stored
appsectr
Critical
$10
Improper Restriction of Excessive Authentication Attempts in login feature
domiee13
Medium
XSS Stored in SIde.php file
kira2040k
self closed
Cross-site Scripting (XSS) - Reflected
dungtuanha
Critical
$7.5
Cross-site Scripting (XSS) - Reflected
dungtuanha
Critical
$10
Cross site scripting
gaurav-g2
Critical
$9
Improper File Deletion in francoisjacquet/rosariosis
gaurav-g2
not applicable
iframe injection
tharunavula
not applicable
Improper Access Control
khanhchauminh
pending
Improper Access Control
appsectr
Critical
$12
Cross-site Scripting (XSS) - Stored
appsectr
Critical
$10
Improper File Deletion
khanhchauminh
Critical
$16
Improper handling of large integer values
nhienit2010
High
$5
Improper handling of error messages leads to exposure of sensitive information
nhienit2010
self closed
Cross-site scripting via upload `.md` file
nhienit2010
self closed
Improper file deletion
gaurav-g2
Critical
$10
SQL injection
khanhchauminh
not applicable
Cross-site Scripting (XSS) - Stored
khanhchauminh
Critical
$10
Exposure of Sensitive Information to an Unauthorized Actor
dungtuanha
Critical
$10
Improper Access Control (IDOR)
dungtuanha
Critical
$10
Cross-site Scripting (XSS) - Stored
appsectr
High
$5
SQL injection at remove function in PortalNote.php
nhienit2010
self closed
Cross-site Request Forgery (CSRF) in remove function
nhienit2010
self closed
Cross-site Scripting (XSS) - Stored via htm file upload
khanhchauminh
Critical
$10
Cross-site Scripting (XSS) - Stored via xHTML file upload
khanhchauminh
Critical
$10
Small Space of Random Values
appsectr
Critical
$10
Cross-site Scripting (XSS) - Stored via HTML file upload
khanhchauminh
Critical
$10
SQL injection in Calendar.php
minhnb11
High
$5CVE-2022-2067
Cross-site Scripting (XSS) - Stored
appsectr
High
$5
Cross-site Scripting (XSS) - Stored
dungtuanha
Critical
$10
Cross-site scripting - Stored via upload xml file
nhienit2010
Critical
$10
SQL injection in PortalNotes
nhienit2010
Critical
$10
Cross-site scripting - Reflected via mime-type file upload
nhienit2010
Critical
$10
Cross-site Scripting (XSS) - Stored
dungtuanha
duplicate
Critical
Insufficient Session Expiration
crowdoverflow
pending
Stored XSS viva .svg file upload
crowdoverflow
duplicate
Critical
Cross-Site Request Forgery (CSRF)
khanhchauminh
Medium
$7.5
SQL Injection
scgajge12
not applicable
Cross-site Scripting (XSS) - Stored
scgajge12
High
$7.5CVE-2022-3072
Improper Restriction of Rendered UI Layers or Frames
sudheendra17
Medium
Cross-Site Request Forgery (CSRF)
am0o0
High
$25
Cross-Site Request Forgery (CSRF)
am0o0
High
$25
Cross-Site Request Forgery (CSRF)
am0o0
Medium
$25
Cross-Site Request Forgery (CSRF)
am0o0
Medium
$25
Cross-Site Request Forgery (CSRF)
am0o0
High
$25
Cross-Site Request Forgery (CSRF)
am0o0
Medium
$25
Cross-Site Request Forgery (CSRF)
am0o0
Medium
$25
Cross-Site Request Forgery (CSRF)
am0o0
High
$25