ci4-cms-erp/ci4ms

Licenses: (GPL-3.0 OR MIT) | Unknown | MIT

License

(GPL-3.0 OR MIT)>=0.24.0.16, <0.27.0.0;

Unknown>=0.27.0.0, <0.31.8.0;

>=0.21.0, <0.24.0.16;

>=0.31.8.0;

Known vulnerabilities in the ci4-cms-erp/ci4ms package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS)	<0.31.5.0
C Directory Traversal	<0.31.5.0
C Directory Traversal	<0.31.5.0
M Cross-site Scripting (XSS)	<0.31.4.0
C CRLF Injection	<0.31.4.0
C Missing Authentication for Critical Function	<0.31.4.0
M Cross-site Scripting (XSS)	<0.31.4.0
H Directory Traversal	>=0.24.0.42, <0.31.4.0
M Cross-site Scripting (XSS)	>=0.31.0.0, <0.31.4.0
H Cross-site Scripting (XSS)	<0.31.2.0
C Improper Privilege Management	<0.31.0.0
H Incorrect Comparison Logic Granularity	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
M Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Incorrect Comparison Logic Granularity	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
M Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
H Cross-site Scripting (XSS)	<0.31.0.0
M Cross-site Scripting (XSS)	<0.31.0.0
C Arbitrary File Upload	<0.28.5.0
H Arbitrary File Upload	<0.28.5.0
M Information Exposure	<0.28.5.0