CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2665 – Storage of Sensitive Data in a Mechanism without Access Control in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2023-2665
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. • https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986 https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194 • CWE-921: Storage of Sensitive Data in a Mechanism without Access Control CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-29918 – RosarioSIS 10.8.4 - CSV Injection
https://notcve.org/view.php?id=CVE-2023-29918
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. • https://www.exploit-db.com/exploits/51622 https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2202 – Improper Access Control in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2023-2202
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. • https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c • CWE-284: Improper Access Control •