Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/527298?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/527298?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@7.6", "type": "composer", "namespace": "francoisjacquet", "name": "rosariosis", "version": "7.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208283?format=api", "vulnerability_id": "VCID-1m1v-bp6w-j7aq", "summary": "Cross site scripting in francoisjacquet/rosariosis", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58648", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58536", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44565" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761" }, { "reference_url": 
"https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/0f5d1f1d193bc6b711d1644f172579d498ec1636" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/307", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44565", "reference_id": "CVE-2021-44565", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44565" }, { "reference_url": "https://github.com/advisories/GHSA-44cg-qcpr-fwjh", "reference_id": "GHSA-44cg-qcpr-fwjh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-44cg-qcpr-fwjh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19512?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@7.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-82rr-7qxf-xbae" }, { "vulnerability": "VCID-8vxt-r4zv-uydy" }, { "vulnerability": "VCID-9m1r-237h-qqh6" }, { "vulnerability": 
"VCID-aacg-t1qq-zuh6" }, { "vulnerability": "VCID-d3kn-2yvz-aqcr" }, { "vulnerability": "VCID-d3vs-a6d2-nqhj" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-ns7m-nsck-n3dc" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@7.6.1" } ], "aliases": [ "CVE-2021-44565", "GHSA-44cg-qcpr-fwjh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m1v-bp6w-j7aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64201?format=api", "vulnerability_id": "VCID-4mgc-z72s-k3de", "summary": "** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. 
NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37298", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37475", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3138" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://vuldb.com/?ctiid.258911", "reference_id": "?ctiid.258911", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/" } ], "url": "https://vuldb.com/?ctiid.258911" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3138", "reference_id": "CVE-2024-3138", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3138" }, { "reference_url": "https://github.com/advisories/GHSA-r32g-w9cv-9fgc", "reference_id": "GHSA-r32g-w9cv-9fgc", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r32g-w9cv-9fgc" }, { "reference_url": "https://vuldb.com/?id.258911", "reference_id": "?id.258911", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/" } ], "url": "https://vuldb.com/?id.258911" }, { "reference_url": "https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a", "reference_id": "Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/" } ], "url": "https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a" }, { "reference_url": 
"https://vuldb.com/?submit.307450", "reference_id": "?submit.307450", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/" } ], "url": "https://vuldb.com/?submit.307450" } ], "fixed_packages": [], "aliases": [ "CVE-2024-3138", "GHSA-r32g-w9cv-9fgc" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mgc-z72s-k3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206747?format=api", "vulnerability_id": "VCID-82rr-7qxf-xbae", "summary": "SQL Injection in rosariosis", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88416", "scoring_system": "epss", "scoring_elements": "0.99521", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.88416", "scoring_system": "epss", "scoring_elements": "0.9952", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44427" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": 
"https://github.com/francoisjacquet/rosariosis/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/blob/mobile/CHANGES.md#changes-in-811", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/blob/mobile/CHANGES.md#changes-in-811" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/328", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/328" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44427", "reference_id": "CVE-2021-44427", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44427" }, { "reference_url": "https://github.com/advisories/GHSA-wf5p-f5xr-c4jj", "reference_id": "GHSA-wf5p-f5xr-c4jj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wf5p-f5xr-c4jj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18163?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@8.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-8vxt-r4zv-uydy" }, { "vulnerability": "VCID-9m1r-237h-qqh6" }, { "vulnerability": "VCID-aacg-t1qq-zuh6" }, { "vulnerability": "VCID-d3kn-2yvz-aqcr" }, { "vulnerability": "VCID-d3vs-a6d2-nqhj" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-ns7m-nsck-n3dc" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@8.1.1" } ], "aliases": [ "CVE-2021-44427", "GHSA-wf5p-f5xr-c4jj" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82rr-7qxf-xbae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210757?format=api", "vulnerability_id": "VCID-8vxt-r4zv-uydy", "summary": "SQL Injection in RosarioSIS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00809", "scoring_system": "epss", "scoring_elements": "0.74722", "published_at": "2026-06-12T12:55:00Z" }, { "value": 
"0.00809", "scoring_system": "epss", "scoring_elements": "0.74651", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2067" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/blob/51947b6cfc7f0df62ab3305839c89586004fbec2/modules/School_Setup/Calendar.php#L498", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/blob/51947b6cfc7f0df62ab3305839c89586004fbec2/modules/School_Setup/Calendar.php#L498" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/15d5e8700d538935b5c411b2a1e25bcf7e16c47c" }, { "reference_url": "https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2067", "reference_id": "CVE-2022-2067", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2067" }, { "reference_url": "https://github.com/advisories/GHSA-3pqv-6pm3-g46j", "reference_id": "GHSA-3pqv-6pm3-g46j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3pqv-6pm3-g46j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24473?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@9.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/571384?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-9m1r-237h-qqh6" }, { "vulnerability": "VCID-d3vs-a6d2-nqhj" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@9.0" } ], "aliases": [ "CVE-2022-2067", "GHSA-3pqv-6pm3-g46j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vxt-r4zv-uydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211293?format=api", 
"vulnerability_id": "VCID-9m1r-237h-qqh6", "summary": "RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2714", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.626", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62499", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2714" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3" }, { "reference_url": "https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2714", "reference_id": "CVE-2022-2714", "reference_type": "", 
"scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2714" }, { "reference_url": "https://github.com/advisories/GHSA-vh4m-mw8w-g4w8", "reference_id": "GHSA-vh4m-mw8w-g4w8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vh4m-mw8w-g4w8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26134?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@10.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/582567?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.1" } ], "aliases": [ "CVE-2022-2714", "GHSA-vh4m-mw8w-g4w8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9m1r-237h-qqh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211283?format=api", "vulnerability_id": "VCID-aacg-t1qq-zuh6", "summary": "francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", 
"scoring_system": "epss", "scoring_elements": "0.57833", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57718", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3072" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/blob/mobile/CHANGES.md#changes-in-893", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/blob/mobile/CHANGES.md#changes-in-893" }, { "reference_url": "https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3072", "reference_id": "CVE-2022-3072", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3072" }, { "reference_url": "https://github.com/advisories/GHSA-2mh7-qxcw-q39g", "reference_id": "GHSA-2mh7-qxcw-q39g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2mh7-qxcw-q39g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26093?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@8.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-8vxt-r4zv-uydy" }, { "vulnerability": "VCID-9m1r-237h-qqh6" }, { "vulnerability": "VCID-d3vs-a6d2-nqhj" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-ns7m-nsck-n3dc" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@8.9.3" } ], "aliases": [ "CVE-2022-3072", "GHSA-2mh7-qxcw-q39g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aacg-t1qq-zuh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207658?format=api", "vulnerability_id": "VCID-d3kn-2yvz-aqcr", "summary": "RosarioSIS XSS Vulnerability", "references": [ { "reference_url": "http://rosariosis.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rosariosis.com" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23057", "scoring_system": "epss", "scoring_elements": "0.96043", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.23057", "scoring_system": "epss", 
"scoring_elements": "0.96055", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45416" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/aec018065ca12ecef03ee454a8112f992ea35315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/aec018065ca12ecef03ee454a8112f992ea35315" }, { "reference_url": "https://www.youtube.com/watch?v=PvFUxSGpWpY", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.youtube.com/watch?v=PvFUxSGpWpY" }, { "reference_url": "https://github.com/86x/CVE-2021-45416", "reference_id": "CVE-2021-45416", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/86x/CVE-2021-45416" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45416", "reference_id": "CVE-2021-45416", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45416" }, { "reference_url": "https://github.com/advisories/GHSA-287r-574x-f4h4", "reference_id": "GHSA-287r-574x-f4h4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-287r-574x-f4h4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18919?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@8.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@8.3.0" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/534808?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-8vxt-r4zv-uydy" }, { "vulnerability": "VCID-9m1r-237h-qqh6" }, { "vulnerability": "VCID-aacg-t1qq-zuh6" }, { "vulnerability": "VCID-d3vs-a6d2-nqhj" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-ns7m-nsck-n3dc" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@8.3" } ], "aliases": [ "CVE-2021-45416", "GHSA-287r-574x-f4h4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3kn-2yvz-aqcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210737?format=api", "vulnerability_id": "VCID-d3vs-a6d2-nqhj", "summary": "Cross site scripting in francoisjacquet/rosariosis", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2036", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60172", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60065", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2036" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": 
"https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/6e213b17e6ac3a3961e1eabcdaba1c892844398a" }, { "reference_url": "https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/c7715149-f99c-4d62-a5c6-c78bfdb41905" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2036", "reference_id": "CVE-2022-2036", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2036" }, { "reference_url": "https://github.com/advisories/GHSA-4hpr-hh77-6q9p", "reference_id": "GHSA-4hpr-hh77-6q9p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4hpr-hh77-6q9p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24485?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@9.1.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@9.1.0" } ], "aliases": [ "CVE-2022-2036", "GHSA-4hpr-hh77-6q9p" ], "risk_score": 3.1, "exploitability": "0.5", 
"weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3vs-a6d2-nqhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148693?format=api", "vulnerability_id": "VCID-dvc3-x7zr-ekdr", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60926", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60819", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0994" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0994", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0994" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/commit/630d3e3d78270db8dbcbfe87db265bc3e70c5a76", "reference_id": "630d3e3d78270db8dbcbfe87db265bc3e70c5a76", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-12T15:27:57Z/" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/630d3e3d78270db8dbcbfe87db265bc3e70c5a76" }, { "reference_url": "https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad", "reference_id": "a281c586-9b97-4d17-88ff-ca91bb4c45ad", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-12T15:27:57Z/" } ], "url": "https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad" }, { "reference_url": "https://github.com/advisories/GHSA-prjg-28jg-m3p5", "reference_id": "GHSA-prjg-28jg-m3p5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-prjg-28jg-m3p5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380515?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@10.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.8.2" } ], "aliases": [ "CVE-2023-0994", "GHSA-prjg-28jg-m3p5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvc3-x7zr-ekdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210734?format=api", "vulnerability_id": "VCID-ns7m-nsck-n3dc", "summary": "Cross-site Scripting in RosarioSIS", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1997", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54584", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54458", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1997" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8" }, { "reference_url": "https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/28861ae9-7b09-45b7-a003-eccf903db71d" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1997", "reference_id": "CVE-2022-1997", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1997" }, { "reference_url": "https://github.com/advisories/GHSA-wjh9-344g-vc49", "reference_id": "GHSA-wjh9-344g-vc49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wjh9-344g-vc49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24473?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@9.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/571384?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-9m1r-237h-qqh6" }, { "vulnerability": "VCID-d3vs-a6d2-nqhj" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@9.0" } ], "aliases": [ "CVE-2022-1997", "GHSA-wjh9-344g-vc49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ns7m-nsck-n3dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140769?format=api", "vulnerability_id": "VCID-udy2-jkvw-4yak", "summary": "RosarioSIS 10.8.4 is 
vulnerable to CSV injection via the Periods Module.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05831", "scoring_system": "epss", "scoring_elements": "0.90739", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05831", "scoring_system": "epss", "scoring_elements": "0.90769", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29918" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29918", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29918" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51622.txt", "reference_id": "CVE-2023-29918", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51622.txt" }, { "reference_url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing", "reference_id": "edit?usp=sharing", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:58Z/" } ], "url": "https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing" }, { "reference_url": "https://github.com/advisories/GHSA-f8hp-grmr-pp7j", "reference_id": "GHSA-f8hp-grmr-pp7j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f8hp-grmr-pp7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/625018?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@10.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.8.5" } ], "aliases": [ "CVE-2023-29918", "GHSA-f8hp-grmr-pp7j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udy2-jkvw-4yak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150767?format=api", "vulnerability_id": "VCID-w5fn-sr45-mbea", "summary": "Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45892", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46037", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2202" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/compare/v10.9.2...v10.9.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis/compare/v10.9.2...v10.9.3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2202", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2202" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be", "reference_id": "6433946abfb34324616e833b1c00d0b2450753be", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:48:38Z/" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be" }, { "reference_url": "https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c", "reference_id": "efe6ef47-d17c-4773-933a-4836c32db85c", 
"reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:48:38Z/" } ], "url": "https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c" }, { "reference_url": "https://github.com/advisories/GHSA-g66v-3v62-g375", "reference_id": "GHSA-g66v-3v62-g375", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g66v-3v62-g375" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379492?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@10.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.9.3" } ], "aliases": [ "CVE-2023-2202", "GHSA-g66v-3v62-g375" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5fn-sr45-mbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151245?format=api", "vulnerability_id": "VCID-yrc9-1edv-hbcq", "summary": "Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50444", "published_at": 
"2026-06-12T12:55:00Z" }, { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50311", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2665" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/francoisjacquet/rosariosis" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2665", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2665" }, { "reference_url": "https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986", "reference_id": "09d5afaa6be07688ca1a7ac3b755b5438109e986", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:58:00Z/" } ], "url": "https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986" }, { "reference_url": "https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194", "reference_id": "42f38a84-8954-484d-b5ff-706ca0918194", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:58:00Z/" } ], "url": "https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194" }, { "reference_url": "https://github.com/advisories/GHSA-36cm-h8gv-mg97", "reference_id": "GHSA-36cm-h8gv-mg97", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-36cm-h8gv-mg97" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382006?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@11.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@11.0.0" } ], "aliases": [ "CVE-2023-2665", "GHSA-36cm-h8gv-mg97" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrc9-1edv-hbcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208285?format=api", "vulnerability_id": "VCID-zhj4-bf7f-d7c8", "summary": "SQL injection in francoisjacquet/rosariosis", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12478", "scoring_system": "epss", "scoring_elements": "0.94097", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.12478", "scoring_system": "epss", "scoring_elements": "0.94076", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44567" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md#changes-in-761" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/519af055a4fdc1362657d75bca76f9c95a081eaa" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/e001430aa9fb53d2502fb6f036f6c51c578d2016" }, { "reference_url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/308", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/308" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52169.txt", "reference_id": "CVE-2021-44567", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52169.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44567", "reference_id": "CVE-2021-44567", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44567" }, { "reference_url": "https://github.com/advisories/GHSA-82rr-mq4r-p4r3", "reference_id": "GHSA-82rr-mq4r-p4r3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-82rr-mq4r-p4r3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19512?format=api", "purl": "pkg:composer/francoisjacquet/rosariosis@7.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4mgc-z72s-k3de" }, { "vulnerability": "VCID-82rr-7qxf-xbae" }, { "vulnerability": "VCID-8vxt-r4zv-uydy" }, { "vulnerability": "VCID-9m1r-237h-qqh6" }, { "vulnerability": "VCID-aacg-t1qq-zuh6" }, { "vulnerability": "VCID-d3kn-2yvz-aqcr" }, { "vulnerability": "VCID-d3vs-a6d2-nqhj" }, { "vulnerability": "VCID-dvc3-x7zr-ekdr" }, { "vulnerability": "VCID-ns7m-nsck-n3dc" }, { "vulnerability": "VCID-udy2-jkvw-4yak" }, { "vulnerability": "VCID-w5fn-sr45-mbea" }, { "vulnerability": "VCID-yrc9-1edv-hbcq" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@7.6.1" } ], "aliases": [ "CVE-2021-44567", "GHSA-82rr-mq4r-p4r3" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhj4-bf7f-d7c8" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@7.6" }