Vulnerabilities > Kliqqi > Kliqqi CMS > 3.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-22 | CVE-2017-17902 | SQL Injection vulnerability in Kliqqi CMS 3.5.2 SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI. | 7.5 |
| 2018-04-22 | CVE-2017-17889 | Cross-site Scripting vulnerability in Kliqqi CMS 3.5.2 Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php. | 3.5 |