CVE-2020-13278: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 6, 2021

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request.

References

github.com/advisories/GHSA-4cx9-7xqc-2jxm
gitlab.com/francoisjacquet/rosariosis/-/commit/9cb4fec5fe177f1d3716708b46d1958eac477ebe
gitlab.com/francoisjacquet/rosariosis/-/issues/282
gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13278.json
nvd.nist.gov/vuln/detail/CVE-2020-13278

Code Behaviors & Features

Detect and mitigate CVE-2020-13278 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →