Vulnerabilities > Cmseasy > Cmseasy > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-14 | CVE-2024-0523 | SQL Injection vulnerability in Cmseasy A vulnerability was found in CmsEasy up to 7.7.7. | 9.8 |
| 2023-06-27 | CVE-2020-18406 | Insufficiently Protected Credentials vulnerability in Cmseasy 7.0 An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | 7.5 |
| 2019-02-18 | CVE-2019-8434 | Cross-site Scripting vulnerability in Cmseasy 7.0 In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. | 4.3 |
| 2019-02-18 | CVE-2019-8432 | Cross-site Scripting vulnerability in Cmseasy 7.0 In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. | 4.3 |