Vulnerabilities > Civicrm

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-23	CVE-2023-25440	Cross-site Scripting vulnerability in Civicrm 5.59 Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. network low complexity civicrm CWE-79	5.4
2021-06-17	CVE-2020-36388	Unrestricted Upload of File with Dangerous Type vulnerability in Civicrm In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. network low complexity civicrm CWE-434	8.8
2021-06-17	CVE-2020-36389	Cross-Site Request Forgery (CSRF) vulnerability in Civicrm In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. network low complexity civicrm CWE-352	4.3
2018-07-23	CVE-2018-1999022	Code Injection vulnerability in multiple products PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. network low complexity html-quickform-project civicrm CWE-94 critical	9.8

Vulnerabilities > Civicrm {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Civicrm"}]}