
    10 vulnerabilities by notrinos

    CVE-2023-24788 (GCVE-0-2023-24788)

    Vulnerability from nvd – Published: 2023-03-23 00:00 – Updated: 2025-02-25 15:26
    VLAI
    Summary
    NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a (the record assigns no CWE; the SQL injection described in the summary corresponds to CWE-89)
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:03:19.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/NotrinosERP"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24788",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T15:26:19.092126Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T15:26:35.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-11T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/notrinos/NotrinosERP"
            },
            {
              "url": "https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md"
            },
            {
              "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py"
            },
            {
              "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-24788",
        "datePublished": "2023-03-23T00:00:00.000Z",
        "dateReserved": "2023-01-30T00:00:00.000Z",
        "dateUpdated": "2025-02-25T15:26:35.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2965 (GCVE-0-2022-2965)

    Vulnerability from nvd – Published: 2022-08-23 15:40 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp
    Summary
    Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    References
    Impacted products
    Vendor: notrinos
    Product: notrinos/notrinoserp
    Version: Affected: unspecified, < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-23T15:40:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
            }
          ],
          "source": {
            "advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2965",
              "STATE": "PUBLIC",
              "TITLE": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
                }
              ]
            },
            "source": {
              "advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2965",
        "datePublished": "2022-08-23T15:40:09.000Z",
        "dateReserved": "2022-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2927 (GCVE-0-2022-2927)

    Vulnerability from nvd – Published: 2022-08-22 08:55 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Weak Password Requirements in notrinos/notrinoserp
    Summary
    Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Vendor: notrinos
    Product: notrinos/notrinoserp
    Version: Affected: unspecified, < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T08:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e"
            }
          ],
          "source": {
            "advisory": "7fa956dd-f541-4dcd-987d-ba15caa6a886",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2927",
              "STATE": "PUBLIC",
              "TITLE": "Weak Password Requirements in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-521 Weak Password Requirements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e"
                }
              ]
            },
            "source": {
              "advisory": "7fa956dd-f541-4dcd-987d-ba15caa6a886",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2927",
        "datePublished": "2022-08-22T08:55:09.000Z",
        "dateReserved": "2022-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2921 (GCVE-0-2022-2921)

    Vulnerability from nvd – Published: 2022-08-21 03:15 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp
    Summary
    Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor: notrinos
    Product: notrinos/notrinoserp
    Version: Affected: unspecified, < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-21T05:40:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45"
            }
          ],
          "source": {
            "advisory": "51b32a1c-946b-4390-a212-b6c4b6e4115c",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2921",
              "STATE": "PUBLIC",
              "TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45"
                }
              ]
            },
            "source": {
              "advisory": "51b32a1c-946b-4390-a212-b6c4b6e4115c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2921",
        "datePublished": "2022-08-21T03:15:20.000Z",
        "dateReserved": "2022-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2871 (GCVE-0-2022-2871)

    Vulnerability from nvd – Published: 2022-08-17 09:00 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor: notrinos
    Product: notrinos/notrinoserp
    Version: Affected: unspecified, < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-17T09:00:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760"
            }
          ],
          "source": {
            "advisory": "61126c07-22ac-4961-a198-1aa33060b373",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2871",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760"
                }
              ]
            },
            "source": {
              "advisory": "61126c07-22ac-4961-a198-1aa33060b373",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2871",
        "datePublished": "2022-08-17T09:00:17.000Z",
        "dateReserved": "2022-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24788 (GCVE-0-2023-24788)

    Vulnerability from cvelistv5 – Published: 2023-03-23 00:00 – Updated: 2025-02-25 15:26
    VLAI
    Summary
    NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:03:19.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/NotrinosERP"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24788",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-25T15:26:19.092126Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-25T15:26:35.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-11T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/notrinos/NotrinosERP"
            },
            {
              "url": "https://github.com/arvandy/CVE/blob/main/NotrinosERP/POC.md"
            },
            {
              "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.py"
            },
            {
              "url": "https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/171804/NotrinosERP-0.7-SQL-Injection.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-24788",
        "datePublished": "2023-03-23T00:00:00.000Z",
        "dateReserved": "2023-01-30T00:00:00.000Z",
        "dateUpdated": "2025-02-25T15:26:35.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2965 (GCVE-0-2022-2965)

    Vulnerability from cvelistv5 – Published: 2022-08-23 15:40 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp
    Summary
    Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
    CWE
    • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
    Assigner
    References
    Impacted products
    Vendor Product Version
    notrinos notrinos/notrinoserp Affected: unspecified , < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-23T15:40:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
            }
          ],
          "source": {
            "advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2965",
              "STATE": "PUBLIC",
              "TITLE": "Improper Restriction of Rendered UI Layers or Frames in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/61e3bdf7-3548-45ea-b105-967abc0977f4"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/c2ff3d8e85a811003b796ca38f5b3290deeaa3aa"
                }
              ]
            },
            "source": {
              "advisory": "61e3bdf7-3548-45ea-b105-967abc0977f4",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2965",
        "datePublished": "2022-08-23T15:40:09.000Z",
        "dateReserved": "2022-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2927 (GCVE-0-2022-2927)

    Vulnerability from cvelistv5 – Published: 2022-08-22 08:55 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Weak Password Requirements in notrinos/notrinoserp
    Summary
    Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    References
    Impacted products
    Vendor Product Version
    notrinos notrinos/notrinoserp Affected: unspecified , < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-22T08:55:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e"
            }
          ],
          "source": {
            "advisory": "7fa956dd-f541-4dcd-987d-ba15caa6a886",
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Requirements in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2927",
              "STATE": "PUBLIC",
              "TITLE": "Weak Password Requirements in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-521 Weak Password Requirements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7fa956dd-f541-4dcd-987d-ba15caa6a886"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/e61e76b44c6a2b28a4a648a06ef34f65c376ec1e"
                }
              ]
            },
            "source": {
              "advisory": "7fa956dd-f541-4dcd-987d-ba15caa6a886",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2927",
        "datePublished": "2022-08-22T08:55:09.000Z",
        "dateReserved": "2022-08-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2921 (GCVE-0-2022-2921)

    Vulnerability from cvelistv5 – Published: 2022-08-21 03:15 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp
    Summary
    Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    notrinos notrinos/notrinoserp Affected: unspecified , < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-21T05:40:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45"
            }
          ],
          "source": {
            "advisory": "51b32a1c-946b-4390-a212-b6c4b6e4115c",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2921",
              "STATE": "PUBLIC",
              "TITLE": "Exposure of Private Personal Information to an Unauthorized Actor in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/51b32a1c-946b-4390-a212-b6c4b6e4115c"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/1b9903f4deea3289872793e60d730c63ecbf7b45"
                }
              ]
            },
            "source": {
              "advisory": "51b32a1c-946b-4390-a212-b6c4b6e4115c",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2921",
        "datePublished": "2022-08-21T03:15:20.000Z",
        "dateReserved": "2022-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2871 (GCVE-0-2022-2871)

    Vulnerability from cvelistv5 – Published: 2022-08-17 09:00 – Updated: 2024-08-03 00:52
    Title
    Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Impacted products
    Vendor | Product | Version
    notrinos | notrinos/notrinoserp | Affected: unspecified, < 0.7 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "notrinos/notrinoserp",
              "vendor": "notrinos",
              "versions": [
                {
                  "lessThan": "0.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-17T09:00:17.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760"
            }
          ],
          "source": {
            "advisory": "61126c07-22ac-4961-a198-1aa33060b373",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2871",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "notrinos/notrinoserp",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "0.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "notrinos"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/61126c07-22ac-4961-a198-1aa33060b373"
                },
                {
                  "name": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760",
                  "refsource": "MISC",
                  "url": "https://github.com/notrinos/notrinoserp/commit/0362778f4f678156c22a009094225823df8a4760"
                }
              ]
            },
            "source": {
              "advisory": "61126c07-22ac-4961-a198-1aa33060b373",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2871",
        "datePublished": "2022-08-17T09:00:17.000Z",
        "dateReserved": "2022-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }