Solucija
Products
3- 10 CVEs
- 8 CVEs
- 5 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000547 | Med | 0.35 | 5.3 | 0.01 | Jun 26, 2018 | coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. . | ||
| CVE-2010-2926 | 0.03 | — | 0.01 | Jul 30, 2010 | SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2006-0715 | 0.03 | — | 0.02 | Feb 15, 2006 | Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field. | |||
| CVE-2005-3853 | 0.03 | — | 0.01 | Nov 27, 2005 | SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php. | |||
| CVE-2023-48029 | 0.00 | — | 0.01 | Nov 17, 2023 | Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading… | |||
| CVE-2023-3075 | 0.00 | — | 0.00 | Jun 2, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3074 | 0.00 | — | 0.01 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3071 | 0.00 | — | 0.01 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3069 | 0.00 | — | 0.01 | Jun 2, 2023 | Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3070 | 0.00 | — | 0.01 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | |||
| CVE-2023-3073 | 0.00 | — | 0.00 | Jun 2, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc. | |||
| CVE-2023-1527 | 0.00 | — | 0.01 | Mar 21, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. | |||
| CVE-2022-4446 | 0.00 | — | 0.01 | Dec 13, 2022 | PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | |||
| CVE-2006-3916 | 0.00 | — | 0.01 | Jul 28, 2006 | Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | |||
| CVE-2006-0716 | 0.00 | — | 0.01 | Feb 15, 2006 | SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. |
- risk 0.35cvss 5.3epss 0.01
coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. .
- CVE-2010-2926Jul 30, 2010risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
- CVE-2006-0715Feb 15, 2006risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.
- CVE-2005-3853Nov 27, 2005risk 0.03cvss —epss 0.01
SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.
- CVE-2023-48029Nov 17, 2023risk 0.00cvss —epss 0.01
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading…
- CVE-2023-3075Jun 2, 2023risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3074Jun 2, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3071Jun 2, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3069Jun 2, 2023risk 0.00cvss —epss 0.01
Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3070Jun 2, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8.
- CVE-2023-3073Jun 2, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc.
- CVE-2023-1527Mar 21, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.
- CVE-2022-4446Dec 13, 2022risk 0.00cvss —epss 0.01
PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0.
- CVE-2006-3916Jul 28, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
- CVE-2006-0716Feb 15, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.