VYPR
Vendor

Census

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-60949Mar 23, 2026
    risk 0.00cvss epss 0.00

    Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.

  • CVE-2025-60948Mar 23, 2026
    risk 0.00cvss epss 0.00

    Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha.

  • CVE-2025-60947Mar 23, 2026
    risk 0.00cvss epss 0.01

    Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha.

  • CVE-2025-60946Mar 23, 2026
    risk 0.00cvss epss 0.00

    Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha.