CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

RedhatCVE•added 2025/05/22 5:37 p.m.•3 views

CVE-2020-36389

In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF...

4.3CVSS6.8AI score0.00661EPSS

Exploits1

Cvelist•added 2023/06/30 6:57 p.m.•18 views

CVE-2023-36477 Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

9CVSS9.2AI score0.00758EPSS

Exploits1References4

WPVulnDB•added 2021/06/22 12:0 a.m.•16 views

CiviCRM < 5.28.1 - CSRF to Stored XSS

The plugin was vulnerable to CSRF on the CKEditor Configuration Form. The vulnerability was discovered by sonarsource. Update to versions 5.28.1 and above to patch the vulnerability...

4.3CVSS2.9AI score0.00661EPSS

Exploits1References1Affected Software1