Francois Jacquet

7 exploits
Active since Feb 2022
CVE-2021-44567 WRITEUP CRITICAL
RosarioSIS < 7.6.1 - Unauthenticated SQL Injection via PortalPollsNotes Votes Parameter
An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php.
CVSS 9.8
CVE-2021-44565 WRITEUP MEDIUM
RosarioSIS < 7.6.1 - Cross-Site Scripting via Markdown Input Fields
A Cross-Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. Affected components include, for example, all Markdown input fields.
CVSS 5.4
CVE-2021-44566 WRITEUP MEDIUM
RosarioSIS < 4.3 - Cross-Site Scripting via SanitizeMarkDown Function
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
CVSS 5.4
CVE-2022-2714 WRITEUP CRITICAL
GitHub francoisjacquet/rosariosis <10.0 - Info Disclosure
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVSS 9.8
CVE-2022-3072 WRITEUP MEDIUM
GitHub francoisjacquet/rosariosis <8.9.3 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.
CVSS 5.4
CVE-2023-2202 WRITEUP MEDIUM
rosariosis < 10.9.3 - Improper Access Control
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
CVSS 6.5
CVE-2023-2665 WRITEUP HIGH
GitHub francoisjacquet/rosariosis <11.0 - Info Disclosure
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
CVSS 7.5