Vulnerabilities > Glfusion > Glfusion > 1.7.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-29 | CVE-2021-45843 | Cross-site Scripting vulnerability in Glfusion 1.7.9 glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. | 6.1 |
| 2021-12-14 | CVE-2021-44942 | Cross-Site Request Forgery (CSRF) vulnerability in Glfusion 1.7.9 glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. | 4.3 |
| 2021-12-14 | CVE-2021-44949 | Authorization Bypass Through User-Controlled Key vulnerability in Glfusion 1.7.9 glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. | 9.8 |
| 2021-12-14 | CVE-2021-44935 | Origin Validation Error vulnerability in Glfusion 1.7.9 glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. | 6.4 |
| 2021-12-14 | CVE-2021-44937 | Improper Authentication vulnerability in Glfusion 1.7.9 glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. | 5.0 |