{"url":"http://public2.vulnerablecode.io/api/packages/64064?format=json","purl":"pkg:composer/francoisjacquet/rosariosis@10.8.2","type":"composer","namespace":"francoisjacquet","name":"rosariosis","version":"10.8.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45109?format=json","vulnerability_id":"VCID-28z8-qpgm-87c7","summary":"RosarioSIS vulnerable to CSV Injection\nRosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29918","reference_id":"","reference_type":"","scores":[{"value":"0.05831","scoring_system":"epss","scoring_elements":"0.90709","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05831","scoring_system":"epss","scoring_elements":"0.90723","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05831","scoring_system":"epss","scoring_elements":"0.90707","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05831","scoring_system":"epss","scoring_elements":"0.90712","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05831","scoring_system":"epss","scoring_elements":"0.90711","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29918"},{"reference_url":"https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:29:58Z/"}],"url":"https://docs.google.com/document/d/1JAhJOlfKKD5Y5zEKo0_8a3A-nQ7Dz_GIMmlXmOvXV48/edit?usp=sharing"},{"reference_url":"https://github.com/francoisjacquet/rosariosis","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/francoisjacquet/rosariosis"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51622.txt","reference_id":"CVE-2023-29918","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51622.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29918","reference_id":"CVE-2023-29918","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29918"},{"reference_url":"https://github.com/advisories/GHSA-f8hp-grmr-pp7j","reference_id":"GHSA-f8hp-grmr-pp7j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f8hp-grmr-pp7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/649021?format=json","purl":"pkg:composer/francoisjacquet/rosariosis@10.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cq4-uuy5-4kc9"},{"vulnerability":"VCID-7du9-17y2-zudm"},{"vulnerability":"VCID-n9bv-wsjs-ayh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.8.5"}],"aliases":["CVE-2023-29918","GHSA-f8hp-grmr-pp7j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28z8-qpgm-87c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47378?format=json","vulnerability_id":"VCID-4cq4-uuy5-4kc9","summary":"RosarioSIS cross site scripting vulnerability\n** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3138","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.373","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37249","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37236","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37306","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3138"},{"reference_url":"https://github.com/francoisjacquet/rosariosis","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/francoisjacquet/rosariosis"},{"reference_url":"https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/"}],"url":"https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a"},{"reference_url":"https://vuldb.com/?ctiid.258911","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/"}],"url":"https://vuldb.com/?ctiid.258911"},{"reference_url":"https://vuldb.com/?id.258911","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/"}],"url":"https://vuldb.com/?id.258911"},{"reference_url":"https://vuldb.com/?submit.307450","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:10:47Z/"}],"url":"https://vuldb.com/?submit.307450"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3138","reference_id":"CVE-2024-3138","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3138"},{"reference_url":"https://github.com/advisories/GHSA-r32g-w9cv-9fgc","reference_id":"GHSA-r32g-w9cv-9fgc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r32g-w9cv-9fgc"}],"fixed_packages":[],"aliases":["CVE-2024-3138","GHSA-r32g-w9cv-9fgc"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cq4-uuy5-4kc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45021?format=json","vulnerability_id":"VCID-7du9-17y2-zudm","summary":"Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2202","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45866","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45837","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.4587","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45849","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45824","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2202"},{"reference_url":"https://github.com/francoisjacquet/rosariosis","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/francoisjacquet/rosariosis"},{"reference_url":"https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:48:38Z/"}],"url":"https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be"},{"reference_url":"https://github.com/francoisjacquet/rosariosis/compare/v10.9.2...v10.9.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/francoisjacquet/rosariosis/compare/v10.9.2...v10.9.3"},{"reference_url":"https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T20:48:38Z/"}],"url":"https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2202","reference_id":"CVE-2023-2202","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2202"},{"reference_url":"https://github.com/advisories/GHSA-g66v-3v62-g375","reference_id":"GHSA-g66v-3v62-g375","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g66v-3v62-g375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64926?format=json","purl":"pkg:composer/francoisjacquet/rosariosis@10.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4cq4-uuy5-4kc9"},{"vulnerability":"VCID-n9bv-wsjs-ayh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.9.3"}],"aliases":["CVE-2023-2202","GHSA-g66v-3v62-g375"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7du9-17y2-zudm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45238?format=json","vulnerability_id":"VCID-n9bv-wsjs-ayh8","summary":"Insecure Storage of Sensitive Information\nStorage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2665","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50261","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50241","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50222","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50251","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50269","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2665"},{"reference_url":"https://github.com/francoisjacquet/rosariosis","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/francoisjacquet/rosariosis"},{"reference_url":"https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:58:00Z/"}],"url":"https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986"},{"reference_url":"https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:58:00Z/"}],"url":"https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2665","reference_id":"CVE-2023-2665","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2665"},{"reference_url":"https://github.com/advisories/GHSA-36cm-h8gv-mg97","reference_id":"GHSA-36cm-h8gv-mg97","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36cm-h8gv-mg97"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65151?format=json","purl":"pkg:composer/francoisjacquet/rosariosis@11.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@11.0.0"}],"aliases":["CVE-2023-2665","GHSA-36cm-h8gv-mg97"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bv-wsjs-ayh8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44533?format=json","vulnerability_id":"VCID-xrf8-z41y-wyeq","summary":"Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0994","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60758","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60753","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60754","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.6071","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60766","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0994"},{"reference_url":"https://github.com/francoisjacquet/rosariosis","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/francoisjacquet/rosariosis"},{"reference_url":"https://github.com/francoisjacquet/rosariosis/commit/630d3e3d78270db8dbcbfe87db265bc3e70c5a76","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-12T15:27:57Z/"}],"url":"https://github.com/francoisjacquet/rosariosis/commit/630d3e3d78270db8dbcbfe87db265bc3e70c5a76"},{"reference_url":"https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-12T15:27:57Z/"}],"url":"https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0994","reference_id":"CVE-2023-0994","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0994"},{"reference_url":"https://github.com/advisories/GHSA-prjg-28jg-m3p5","reference_id":"GHSA-prjg-28jg-m3p5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prjg-28jg-m3p5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64064?format=json","purl":"pkg:composer/francoisjacquet/rosariosis@10.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-28z8-qpgm-87c7"},{"vulnerability":"VCID-4cq4-uuy5-4kc9"},{"vulnerability":"VCID-7du9-17y2-zudm"},{"vulnerability":"VCID-n9bv-wsjs-ayh8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.8.2"}],"aliases":["CVE-2023-0994","GHSA-prjg-28jg-m3p5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrf8-z41y-wyeq"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/francoisjacquet/rosariosis@10.8.2"}