Vulnerabilities > Cmswing > Cmswing > 1.3.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-23 | CVE-2021-43735 | SQL Injection vulnerability in Cmswing 1.3.7 CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule. | 7.5 |
2022-03-23 | CVE-2021-43736 | Argument Injection or Modification vulnerability in Cmswing 1.3.7 CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | 7.5 |
2021-05-17 | CVE-2020-24992 | Cross-site Scripting vulnerability in Cmswing 1.3.7 There is a cross site scripting vulnerability on CmsWing 1.3.7. | 3.5 |
2021-05-17 | CVE-2020-24993 | Cross-site Scripting vulnerability in Cmswing 1.3.7 There is a cross site scripting vulnerability on CmsWing 1.3.7. | 3.5 |
2019-02-17 | CVE-2019-7649 | Inadequate Encryption Strength vulnerability in Cmswing 1.3.7 global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. | 5.0 |