ci4-cms-erp/ci4ms

Direct Vulnerabilities

Known vulnerabilities in the ci4-cms-erp/ci4ms package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
H External Control of File Name or Path	<0.31.9.0
H Cross-site Scripting (XSS)	<0.31.9.0
M Cross-site Scripting (XSS)	<0.31.9.0
M Improper Input Validation	>=0.31.1.0, <0.31.8.0
M Insufficient Session Expiration	>=0.26.0, <0.31.8.0
H Arbitrary File Upload	>=0.26.0.0, <0.31.7.0
H Cross-site Scripting (XSS)	<0.31.5.0
C Directory Traversal	<0.31.5.0
C Directory Traversal	<0.31.5.0
M Cross-site Scripting (XSS)	<0.31.4.0
C CRLF Injection	<0.31.4.0
C Missing Authentication for Critical Function	<0.31.4.0
M Cross-site Scripting (XSS)	<0.31.4.0
H Directory Traversal	>=0.24.0.42, <0.31.4.0
M Cross-site Scripting (XSS)	>=0.31.0.0, <0.31.4.0
H Cross-site Scripting (XSS)	<0.31.2.0
C Improper Privilege Management	<0.31.0.0
H Incorrect Comparison Logic Granularity	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
M Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Incorrect Comparison Logic Granularity	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
M Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
M Cross-site Scripting (XSS)	<0.31.0.0
C Arbitrary File Upload	<0.28.5.0
H Arbitrary File Upload	<0.28.5.0
M Information Exposure	<0.28.5.0

Vulnerability

Vulnerable Version

<0.31.9.0