Search CVE reports
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
1 affected package
civicrm
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Not affected | Ignored | Ignored |

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
1 affected package
civicrm
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Not affected | Ignored | Ignored |

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are...
3 affected packages
civicrm, otrs2, phpmyadmin
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| otrs2 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| phpmyadmin | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions...
1 affected package
civicrm
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Not in release | Needs evaluation | Ignored | Ignored |