CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2258 – Improper Neutralization of Formula Elements in a CSV File in alfio-event/alf.io
https://notcve.org/view.php?id=CVE-2023-2258
24 Apr 2023 — Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. • https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2259 – Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io
https://notcve.org/view.php?id=CVE-2023-2259
24 Apr 2023 — Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. • https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2260 – Authorization Bypass Through User-Controlled Key in alfio-event/alf.io
https://notcve.org/view.php?id=CVE-2023-2260
24 Apr 2023 — Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. • https://github.com/alfio-event/alf.io/commit/c9a16ab93d42b2beb06d529b57890121f85be6ef • CWE-639: Authorization Bypass Through User-Controlled Key •