CentralSquare
Products
4- 3 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45241 | Hig | 0.50 | 7.5 | 0.14 | Aug 26, 2024 | A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. | ||
| CVE-2023-40362 | Med | 0.28 | 4.3 | 0.01 | Jan 12, 2024 | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known. | ||
| CVE-2025-59491 | 0.00 | — | 0.00 | Nov 12, 2025 | Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields. | |||
| CVE-2025-64280 | 0.00 | — | 0.00 | Nov 12, 2025 | A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. | |||
| CVE-2025-64281 | 0.00 | — | 0.00 | Nov 12, 2025 | An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. |
- risk 0.50cvss 7.5epss 0.14
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
- CVE-2025-59491Nov 12, 2025risk 0.00cvss —epss 0.00
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
- CVE-2025-64280Nov 12, 2025risk 0.00cvss —epss 0.00
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
- CVE-2025-64281Nov 12, 2025risk 0.00cvss —epss 0.00
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.