CVE-2020-15721: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
References
Detect and mitigate CVE-2020-15721 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →