Vulnerabilities > Cmswing > Cmswing > 1.3.7

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-43735 SQL Injection vulnerability in Cmswing 1.3.7
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
network
low complexity
cmswing CWE-89
7.5
7.5
2022-03-23 CVE-2021-43736 Argument Injection or Modification vulnerability in Cmswing 1.3.7
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
network
low complexity
cmswing CWE-88
7.5
7.5
2021-05-17 CVE-2020-24992 Cross-site Scripting vulnerability in Cmswing 1.3.7
There is a cross site scripting vulnerability on CmsWing 1.3.7.
network
cmswing CWE-79
3.5
3.5
2021-05-17 CVE-2020-24993 Cross-site Scripting vulnerability in Cmswing 1.3.7
There is a cross site scripting vulnerability on CmsWing 1.3.7.
network
cmswing CWE-79
3.5
3.5
2019-02-17 CVE-2019-7649 Inadequate Encryption Strength vulnerability in Cmswing 1.3.7
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
network
low complexity
cmswing CWE-326
5.0
5.0