CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2665 – Storage of Sensitive Data in a Mechanism without Access Control in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2023-2665
Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. • https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986 https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194 • CWE-921: Storage of Sensitive Data in a Mechanism without Access Control CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-29918 – RosarioSIS 10.8.4 - CSV Injection
https://notcve.org/view.php?id=CVE-2023-29918
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. • https://www.exploit-db.com/exploits/51622 https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2202 – Improper Access Control in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2023-2202
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. • https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0994 – Exposure of Sensitive Information to an Unauthorized Actor in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2023-0994
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. • https://github.com/francoisjacquet/rosariosis/commit/630d3e3d78270db8dbcbfe87db265bc3e70c5a76 https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2714 – Improper Handling of Length Parameter Inconsistency in francoisjacquet/rosariosis
https://notcve.org/view.php?id=CVE-2022-2714
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0. Un Manejo Inapropiado de la Inconsistencia de los Parámetros de Longitud en el repositorio de GitHub francoisjacquet/rosariosis versiones anteriores a 10.0. • https://github.com/francoisjacquet/rosariosis/commit/4022954c3f41462bf6225c302a28b0429f6f4df3 https://huntr.dev/bounties/430aedac-c7d9-4acb-9bab-bcc0595d9e95 • CWE-130: Improper Handling of Length Parameter Inconsistency •