VYPR

Tendenci

by Tendenci

pypi: tendenci

Source repositories

CVEs (5)

  • CVE-2025-70959Feb 2, 2026
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

  • CVE-2025-70960Feb 2, 2026
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

  • CVE-2020-36962Jan 28, 2026
    risk 0.00cvss epss 0.11

    Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary…

  • CVE-2026-23946Jan 22, 2026
    risk 0.00cvss epss 0.01

    Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vulnerability allows Remote…

  • CVE-2008-0793Feb 15, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these…