Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-45416
• https://github.com/86x/CVE-2021-45416
• http://rosariosis.com
• https://gitlab.com/francoisjacquet/rosariosis/-/commit/aec018065ca12ecef03ee454a8112f992ea35315
• https://www.youtube.com/watch?v=PvFUxSGpWpY