Vulnerabilities > Aerocms Project > Aerocms > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2023-04-14 | CVE-2023-29847 | Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. | network, low complexity, aerocms-project CWE-79, 5.4 |
| 2022-12-13 | CVE-2022-46059 | Cross-Site Request Forgery (CSRF) vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | network, low complexity, aerocms-project CWE-352, 6.5 |
| 2022-12-13 | CVE-2022-46047 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. | network, low complexity, aerocms-project CWE-89, 4.9 |
| 2022-12-13 | CVE-2022-46058 | Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. | network, low complexity, aerocms-project CWE-79, 4.8 |
| 2022-12-13 | CVE-2022-46061 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 is vulnerable to ClickJacking. | network, low complexity, aerocms-project CWE-1021, 6.1 |
| 2022-11-22 | CVE-2022-45529 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. | network, low complexity, aerocms-project CWE-89, 4.9 |
| 2022-11-22 | CVE-2022-45535 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. | network, low complexity, aerocms-project CWE-89, 4.9 |
| 2022-11-22 | CVE-2022-45536 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. | network, low complexity, aerocms-project CWE-89, 4.9 |
| 2022-04-08 | CVE-2022-27061 | Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. | network, low complexity, aerocms-project CWE-434, 6.5 |
| 2022-04-08 | CVE-2022-27063 | Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. | 4.3 |