Vulmon
civicrm civicrm vulnerabilities and exploits
VMScore: NA
CVE-2023-25440
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows malicious users to execute arbitrary code in first/second name field.
Civicrm Civicrm 5.59
VMScore: NA
CVE-2023-25440
CiviCRM version 5.59.alpha1 suffers from a persistent cross site scripting vulnerability.
VMScore: NA
CVE-2023-28115
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can...
Knplabs Snappy
VMScore: 578
CVE-2020-36388
In CiviCRM prior to 5.21.3 and 5.22.x up to and including 5.24.x prior to 5.24.3, users may be able to upload and execute a crafted PHAR archive.
Civicrm Civicrm
VMScore: 383
CVE-2020-36389
In CiviCRM prior to 5.28.1 and CiviCRM ESR prior to 5.27.5 ESR, the CKEditor configuration form allows CSRF.
Civicrm Civicrm
VMScore: 668
CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_Q...
Html Quickform Project Html Quickform 3.2.14
Civicrm Civicrm 5.3.0
Civicrm Civicrm
VMScore: 605
CVE-2015-4391
Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of users for requests that delete reports via unspecified vectors.
Civicrm Civicrm Private Report 7.x-1.0
Civicrm Civicrm Private Report 6.x-1.0
Civicrm Civicrm Private Report 7.x-1.1
Civicrm Civicrm Private Report 6.x-1.1
Civicrm Civicrm Private Report 7.x-1.2
VMScore: 435
CVE-2013-1636
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin prior to 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 up to and including 4.2.9 and 4.3.0 u...
Blair Williams Pretty Link Lite 1.6.1
Blair Williams Pretty Link Lite 1.6.0
Blair Williams Pretty Link Lite
Joobi Com Jnews 8.0.1
Civicrm Civicrm 3.1.3
Civicrm Civicrm 4.2.5
Civicrm Civicrm 3.1.0
Civicrm Civicrm 4.1.2
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.1.4
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.1.1
Civicrm Civicrm 4.2.7
Civicrm Civicrm 3.4.0
Civicrm Civicrm 4.3.0
Civicrm Civicrm 3.3.1
Civicrm Civicrm 3.1.1
Civicrm Civicrm 3.3.0
Civicrm Civicrm 3.2.4
Civicrm Civicrm 3.2.1
Civicrm Civicrm 3.2.3
Civicrm Civicrm 3.3.5
1 EDB exploit
VMScore: 436
CVE-2013-4661
CiviCRM 2.0.0 up to and including 4.2.9 and 4.3.0 up to and including 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intend...
Civicrm Civicrm 3.0.2
Civicrm Civicrm 3.1.3
Civicrm Civicrm 4.2.5
Civicrm Civicrm 4.1.2
Civicrm Civicrm 3.0.3
Civicrm Civicrm 4.3.1
Civicrm Civicrm 2.2.3
Civicrm Civicrm 4.1.4
Civicrm Civicrm 2.2.0
Civicrm Civicrm 2.0.2
Civicrm Civicrm 2.1.0
Civicrm Civicrm 2.1.4
Civicrm Civicrm 4.2.8
Civicrm Civicrm 2.1.1
Civicrm Civicrm 2.0.4
Civicrm Civicrm 4.1.1
Civicrm Civicrm 2.1.2
Civicrm Civicrm 4.2.7
Civicrm Civicrm 2.2.5
Civicrm Civicrm 3.4.0
Civicrm Civicrm 4.3.0
Civicrm Civicrm 2.0.7
VMScore: 578
CVE-2013-4662
The Quick Search API in CiviCRM 4.2.0 up to and including 4.2.9 and 4.3.0 up to and including 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to conta...
Civicrm Civicrm 4.2.5
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.3.0
Civicrm Civicrm 4.2.1
Civicrm Civicrm 4.2.0
Civicrm Civicrm 4.2.4
Civicrm Civicrm 4.3.2
Civicrm Civicrm 4.2.2
Civicrm Civicrm 4.2.6
Civicrm Civicrm 4.3.3
Civicrm Civicrm 4.2.9