Vulnerabilities > Humhub

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-9093 Cross-site Scripting vulnerability in Humhub 1.3.10
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition.
network
humhub CWE-79
4.3
2016-06-05 CVE-2016-1229 Cross-site Scripting vulnerability in Humhub 0.20.0/0.20.1/1.0.0
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
humhub CWE-79
3.5
2015-01-06 CVE-2014-9528 SQL Injection vulnerability in Humhub 0.10.0
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php.
network
low complexity
humhub CWE-89
7.5