Vulnerabilities > Sitos > Sitos SIX > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-07 | CVE-2019-15750 | Cross-site Scripting vulnerability in Sitos SIX 6.2.1 A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 6.1 |
| 2019-10-07 | CVE-2019-15749 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Sitos SIX 6.2.1 SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. | 6.5 |