Vulnerabilities > Kliqqi > Kliqqi CMS > 3.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-22 | CVE-2017-17902 | SQL Injection vulnerability in Kliqqi CMS 3.5.2 SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI. | 7.5 |
2018-04-22 | CVE-2017-17889 | Cross-site Scripting vulnerability in Kliqqi CMS 3.5.2 Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php. | 3.5 |