CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2258 – Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
https://notcve.org/view.php?id=CVE-2023-2258
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. • https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2 https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6eafb8f • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2259 – Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io
https://notcve.org/view.php?id=CVE-2023-2259
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. • https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2 https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2260 – Authorization Bypass Through User-Controlled Key in alfio-event/alf.io
https://notcve.org/view.php?id=CVE-2023-2260
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. • https://github.com/alfio-event/alf.io/commit/c9a16ab93d42b2beb06d529b57890121f85be6ef https://huntr.dev/bounties/649badc8-c935-4a84-8aa8-d3269ac54377 • CWE-639: Authorization Bypass Through User-Controlled Key •