Vulnerabilities > Corebos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-48029 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Corebos 5.4/5.5/7.0 Corebos 8.0 and below is vulnerable to CSV Injection. | 8.0 |
| 2023-06-02 | CVE-2023-3073 | Cross-site Scripting vulnerability in Corebos 5.4/5.5/7.0 Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc. | 5.4 |
| 2023-06-02 | CVE-2023-3074 | Cross-site Scripting vulnerability in Corebos 5.4/5.5/7.0 Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 5.4 |
| 2023-06-02 | CVE-2023-3075 | Cross-Site Request Forgery (CSRF) vulnerability in Corebos 5.4/5.5/7.0 Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. | 6.5 |
| 2023-06-02 | CVE-2023-3069 | Improper Authentication vulnerability in Corebos 5.4/5.5/7.0 Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. | 9.8 |
| 2023-06-02 | CVE-2023-3070 | Cross-site Scripting vulnerability in Corebos 5.4/5.5/7.0 Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | 5.4 |
| 2023-03-21 | CVE-2023-1527 | Cross-site Scripting vulnerability in Corebos 5.4/5.5/7.0 Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. | 5.4 |
| 2022-12-13 | CVE-2022-4446 | Incorrect Resource Transfer Between Spheres vulnerability in Corebos 5.4/5.5/7.0 PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | 9.8 |
| 2018-06-26 | CVE-2018-1000547 | Incorrect Permission Assignment for Critical Resource vulnerability in Corebos 5.4/5.5/7.0 coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. | 5.3 |