Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) tendenci is a Tendenci - The Open Source Association Management System (AMS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Add/edit User` module, that is rendered upon the `Utility-navs` page visit. Also, HTML Injection exists in the Name parameter via `add module` in Directory Sub-Categories that is mistreated while providing an HTML payload to the input field. How to fix Cross-site Scripting (XSS)? Upgrade `tendenci` to version 12.3.1 or higher.	[,12.3.1)
C Deserialization of Untrusted Data tendenci is a Tendenci - The Open Source Association Management System (AMS) Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It allows unrestricted deserialization in `apps\helpdesk\views\staff.py`. How to fix Deserialization of Untrusted Data? Upgrade `tendenci` to version 12.4 or higher.	[,12.4)
H Cross-site Scripting (XSS) tendenci is a Tendenci - The Open Source Association Management System (AMS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the admin backend. How to fix Cross-site Scripting (XSS)? Upgrade `tendenci` to version 12.3.1 or higher.	[,12.3.1)

Go back to all versions of this package