Vulnerabilities > Razorcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-31 | CVE-2018-19906 | Cross-site Scripting vulnerability in Razorcms 3.4.8 Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. | 5.4 |
2018-12-31 | CVE-2018-19905 | Cross-site Scripting vulnerability in Razorcms 3.4.8 HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. | 5.4 |
2018-10-05 | CVE-2018-17986 | Cross-Site Request Forgery (CSRF) vulnerability in Razorcms 3.4.8 rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. | 8.8 |
2018-09-12 | CVE-2018-16727 | Cross-site Scripting vulnerability in Razorcms 3.4.7 razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. | 5.4 |
2018-09-12 | CVE-2018-16726 | Cross-site Scripting vulnerability in Razorcms 3.4.7 razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. | 5.4 |