VYPR

PyPI package

tendenci

pkg:pypi/tendenci

Vulnerabilities (4)

  • CVE-2025-70959 (Feb 2, 2026)
    affected <= 15.3.7

    A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

  • CVE-2020-36962 (Jan 28, 2026)
    affected < 12.3.2, fixed 12.3.2

    Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary comma

  • CVE-2026-23946 (Jan 22, 2026)
    affected < 15.3.12, fixed 15.3.12

    Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vulnerability allows Remote C

  • CVE-2020-14942 (Jun 21, 2020)
    affected < 12.0.11, fixed 12.0.11

    Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.