Bitnami package
civicrm
pkg:bitnami/civicrm
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-25440 | — | | | >= 5.59-alpha1.0, <= 5.59-alpha1.0 | — | May 23, 2023 | Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. |
| CVE-2020-36389 | — | | | < 5.27.5 | 5.27.5 | Jun 17, 2021 | In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. |
| CVE-2020-36388 | — | | | < 5.21.3 | 5.21.3 | Jun 17, 2021 | In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. |