CVE-2020-15718

MEDIUM NUCLEI

Rosariosis - XSS

Title source: rule

Description

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.

Exploits (1)

exploitdb WORKING POC
by CodeSecLab · textwebappsphp
https://www.exploit-db.com/exploits/52449

Nuclei Templates (1)

RosarioSIS 6.7.2 - Cross-Site Scripting
MEDIUMVERIFIEDby 0xr2r,jarvis-survives
Shodan: http.html:"RosarioSIS"

References (6)

Scores

CVSS v3 6.1
EPSS 0.0291
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
rosariosis/rosariosis 6.7.2
Published Jul 15, 2020
Tracked Since Feb 18, 2026