Csweb

csweb

Vendor: Csprousers • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-60949 1Csprousers 1Csweb Mar 25, 2026 Mar 23, 2026 9.3 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
CVE-2025-60948 1Csprousers 1Csweb Mar 25, 2026 Mar 23, 2026 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha.
CVE-2025-60947 1Csprousers 1Csweb Mar 25, 2026 Mar 23, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha.
CVE-2025-60946 1Csprousers 1Csweb Mar 26, 2026 Mar 23, 2026 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha.