VYPR

Bitnami package

civicrm

pkg:bitnami/civicrm

Vulnerabilities (3)

  • CVE-2023-25440May 23, 2023
    affected >= 5.59-alpha1.0, <= 5.59-alpha1.0

    Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.

  • CVE-2020-36389Jun 17, 2021
    affected < 5.27.5fixed 5.27.5

    In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.

  • CVE-2020-36388Jun 17, 2021
    affected < 5.21.3fixed 5.21.3

    In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.