tendenci@7.2.76 vulnerabilities

Tendenci - The Open Source Association Management System (AMS)

Direct Vulnerabilities

Known vulnerabilities in the tendenci package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

tendenci is a Tendenci - The Open Source Association Management System (AMS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Add/edit User module, that is rendered upon the Utility-navs page visit. Also, HTML Injection exists in the Name parameter via add module in Directory Sub-Categories that is mistreated while providing an HTML payload to the input field.

How to fix Cross-site Scripting (XSS)?

Upgrade tendenci to version 12.3.1 or higher.

[,12.3.1)
  • C
Deserialization of Untrusted Data

tendenci is a Tendenci - The Open Source Association Management System (AMS)

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It allows unrestricted deserialization in apps\helpdesk\views\staff.py.

How to fix Deserialization of Untrusted Data?

Upgrade tendenci to version 12.4 or higher.

[,12.4)
  • H
Cross-site Scripting (XSS)

tendenci is a Tendenci - The Open Source Association Management System (AMS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the admin backend.

How to fix Cross-site Scripting (XSS)?

Upgrade tendenci to version 12.3.1 or higher.

[,12.3.1)