Vulnerabilities > Razorcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-31 CVE-2018-19906 Cross-site Scripting vulnerability in Razorcms 3.4.8
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
network
low complexity
razorcms CWE-79
5.4
5.4
2018-12-31 CVE-2018-19905 Cross-site Scripting vulnerability in Razorcms 3.4.8
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
network
low complexity
razorcms CWE-79
5.4
5.4
2018-09-12 CVE-2018-16727 Cross-site Scripting vulnerability in Razorcms 3.4.7
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
network
low complexity
razorcms CWE-79
5.4
5.4
2018-09-12 CVE-2018-16726 Cross-site Scripting vulnerability in Razorcms 3.4.7
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
network
low complexity
razorcms CWE-79
5.4
5.4