Vulnerabilities > Razorcms > Razorcms > 3.4.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-31 | CVE-2018-19906 | Cross-site Scripting vulnerability in Razorcms 3.4.8 Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. | 3.5 |
| 2018-12-31 | CVE-2018-19905 | Cross-site Scripting vulnerability in Razorcms 3.4.8 HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. | 3.5 |
| 2018-10-05 | CVE-2018-17986 | Cross-Site Request Forgery (CSRF) vulnerability in Razorcms 3.4.8 rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. | 6.8 |