Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-14	CVE-2023-29847	Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. network low complexity aerocms-project CWE-79	5.4
2022-12-13	CVE-2022-46059	Cross-Site Request Forgery (CSRF) vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). network low complexity aerocms-project CWE-352	6.5
2022-12-13	CVE-2022-46047	SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. network low complexity aerocms-project CWE-89	4.9
2022-12-13	CVE-2022-46058	Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. network low complexity aerocms-project CWE-79	4.8
2022-12-13	CVE-2022-46061	Improper Restriction of Rendered UI Layers or Frames vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 is vulnerable to ClickJacking. network low complexity aerocms-project CWE-1021	6.1
2022-11-22	CVE-2022-45529	SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. network low complexity aerocms-project CWE-89	4.9
2022-11-22	CVE-2022-45535	SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. network low complexity aerocms-project CWE-89	4.9
2022-11-22	CVE-2022-45536	SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. network low complexity aerocms-project CWE-89	4.9
2022-08-31	CVE-2022-38812	SQL Injection vulnerability in Aerocms Project Aerocms 0.1.1 AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. network low complexity aerocms-project CWE-89	6.5
2022-04-08	CVE-2022-27062	Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. network low complexity aerocms-project CWE-79	4.8