Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution...
8CVSS
7.8AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via...
5.4CVSS
5.4AI Score
0.001EPSS
9.8CVSS
8.7AI Score
0.002EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to...
5.4CVSS
5.6AI Score
0.001EPSS
6.5CVSS
6.8AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to...
5.4CVSS
5.4AI Score
0.001EPSS
Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to...
5.4CVSS
6AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.003EPSS
coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to....
5.3CVSS
5.2AI Score
0.001EPSS