DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-23 | CVE-2023-25440 | Cross-site Scripting vulnerability in CiviCRM 5.59. Stored Cross Site Scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code in the first/second name field. | 5.4 |
2021-06-17 | CVE-2020-36389 | Cross-Site Request Forgery (CSRF) vulnerability in CiviCRM. In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. | 4.3 |