CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2307 – Cross-Site Request Forgery (CSRF) in builderio/qwik
https://notcve.org/view.php?id=CVE-2023-2307
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. • https://github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57 https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1283 – Code Injection in builderio/qwik
https://notcve.org/view.php?id=CVE-2023-1283
Code Injection in GitHub repository builderio/qwik prior to 0.21.0. • https://github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66 https://huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0410 – Cross-site Scripting (XSS) - Generic in builderio/qwik
https://notcve.org/view.php?id=CVE-2023-0410
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. Cross-site scripting (XSS) genérico en el repositorio de GitHub builderio/qwik anterior a 0.1.0-beta5. • https://github.com/builderio/qwik/commit/4b2f89dbbd2bc0a2c92eae1a49bdd186e589151a https://huntr.dev/bounties/2da583f0-7f66-4ba7-9bed-8e7229aa578e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •