62 matches found
EUVD-2025-208948
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha...
EUVD-2025-208950
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha...
EUVD-2025-208952
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...
EUVD-2025-208954
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2025-60949
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2025-60947
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha...
CVE-2025-60946
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha...
CVE-2025-60948
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...
CVE-2025-60949
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2025-60949 Census CSWeb leaked configuration files
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2025-60949 Census CSWeb leaked configuration files
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2025-60949
CVE-2025-60949 affects Census CSWeb. In version 8.0.1, the path app/config can be exposed over HTTP in some deployments, allowing a remote, unauthenticated attacker to request configuration files and obtain leaked secrets. Impact is described in CVE records as high confidentiality/integrity risks...
CVE-2025-60948 Census CSWeb stored XSS
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...
CVE-2025-60948 Census CSWeb stored XSS
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...
CVE-2025-60948
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha...
CVE-2025-60948
CVE-2025-60948 affects Census CSWeb 8.0.1, which allows stored cross-site scripting in user-supplied fields. A remote, authenticated attacker could store malicious JavaScript that executes in a victim’s browser. The issue is fixed in version 8.1.0 alpha. If you use CSWeb, upgrade to 8.1.0 alpha o...
CVE-2025-60947 Census CSWeb arbitrary file upload
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha...
CVE-2025-60947
CVE-2025-60947: Census CSWeb 8.0.1 contains an arbitrary file upload vulnerability. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. The issue is fixed in 8.1.0 alpha.
CVE-2025-60947
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha...
CVE-2025-60947 Census CSWeb arbitrary file upload
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha...