CRITICAL 9.8 CVE-2018-1999022: PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickF…
from 0, < 5.3.1+dfsg-1
HIGH 8.8 CVE-2020-36388: In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
from 0, < 5.24.5+dfsg1-1
HIGH 7.5: Regular Expression Denial of Service in jquery-validation
from 0
MEDIUM 6.1: A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field.
from 0
MEDIUM 6.1: jquery-validation vulnerable to Cross-site Scripting
from 0
MEDIUM 5.4: Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code…
from 0
MEDIUM 4.3: In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.