Vulnerabilities > Razorcms

DATE CVE VULNERABILITY TITLE RISK
2018-12-31 CVE-2018-19906 Cross-site Scripting vulnerability in Razorcms 3.4.8
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
network
low complexity
razorcms CWE-79
5.4
2018-12-31 CVE-2018-19905 Cross-site Scripting vulnerability in Razorcms 3.4.8
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
network
low complexity
razorcms CWE-79
5.4
2018-10-05 CVE-2018-17986 Cross-Site Request Forgery (CSRF) vulnerability in Razorcms 3.4.8
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
network
low complexity
razorcms CWE-352
8.8
2018-09-12 CVE-2018-16727 Cross-site Scripting vulnerability in Razorcms 3.4.7
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
network
low complexity
razorcms CWE-79
5.4
2018-09-12 CVE-2018-16726 Cross-site Scripting vulnerability in Razorcms 3.4.7
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
network
low complexity
razorcms CWE-79
5.4