4 matches found
CVE-2025-60947
CVE-2025-60947: Census CSWeb 8.0.1 contains an arbitrary file upload vulnerability. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. The issue is fixed in 8.1.0 alpha.
CVE-2025-60948
CVE-2025-60948 affects Census CSWeb 8.0.1, which allows stored cross-site scripting in user-supplied fields. A remote, authenticated attacker could store malicious JavaScript that executes in a victim’s browser. The issue is fixed in version 8.1.0 alpha. If you use CSWeb, upgrade to 8.1.0 alpha o...
CVE-2025-60949
CVE-2025-60949 affects Census CSWeb. In version 8.0.1, the path app/config can be exposed over HTTP in some deployments, allowing a remote, unauthenticated attacker to request configuration files and obtain leaked secrets. Impact is described in CVE records as high confidentiality/integrity risks...
CVE-2025-60946
CVE-2025-60946 affects Census CSWeb. In CSWeb 8.0.1, an arbitrary file path input vulnerability enables path traversal, potentially exposing sensitive directories to a remote, authenticated attacker. Impact is described as high for confidentiality, integrity, and availability in the CVSS metrics....