Corebos
by Solucija
Source repositories
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000547 | Med | 0.35 | 5.3 | 0.01 | Jun 26, 2018 | coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. . | ||
| CVE-2023-48029 | 0.00 | — | 0.01 | Nov 17, 2023 | Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading… | |||
| CVE-2023-3071 | 0.00 | — | 0.01 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3074 | 0.00 | — | 0.01 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3070 | 0.00 | — | 0.01 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3073 | 0.00 | — | 0.00 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc. | |||
| CVE-2023-3075 | 0.00 | — | 0.00 | Jun 2, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3069 | 0.00 | — | 0.01 | Jun 2, 2023 | Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-1527 | 0.00 | — | 0.01 | Mar 21, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. | |||
| CVE-2022-4446 | 0.00 | — | 0.01 | Dec 13, 2022 | PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. |
- risk 0.35cvss 5.3epss 0.01
coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. .
- CVE-2023-48029Nov 17, 2023risk 0.00cvss —epss 0.01
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading…
- CVE-2023-3071Jun 2, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3074Jun 2, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3070Jun 2, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3073Jun 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc.
- CVE-2023-3075Jun 2, 2023risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3069Jun 2, 2023risk 0.00cvss —epss 0.01
Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-1527Mar 21, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.
- CVE-2022-4446Dec 13, 2022risk 0.00cvss —epss 0.01
PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.