Vulnerabilities > Civicrm > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-23 | CVE-2023-25440 | Cross-site Scripting vulnerability in Civicrm 5.59. A stored cross-site scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code via the first/second name field. (network, low complexity, civicrm, CWE-79) | 5.4 |
| 2021-06-17 | CVE-2020-36389 | Cross-Site Request Forgery (CSRF) vulnerability in Civicrm. In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. (network, low complexity, civicrm, CWE-352) | 4.3 |