Vulnerabilities > Nukeviet > Nukeviet > 3.0.06
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-13 | CVE-2022-3975 | Unspecified vulnerability in Nukeviet A vulnerability, which was classified as problematic, has been found in NukeViet CMS. | 6.1 |
| 2022-06-21 | CVE-2022-30874 | Cross-site Scripting vulnerability in Nukeviet There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. | 5.4 |
| 2020-12-31 | CVE-2019-7726 | SQL Injection vulnerability in Nukeviet modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). | 9.8 |
| 2020-12-31 | CVE-2019-7725 | Deserialization of Untrusted Data vulnerability in Nukeviet includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk). | 9.8 |