← Back

Centralsquare

centralsquare

5 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Community Development
community_development
3 CVEs
Click2gov Building Permit
click2gov_building_permit
1 CVE
Etrakit.net
etrakit.net
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-59491
1Centralsquare
1Community Development
Dec 31, 2025
Nov 12, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
CVE-2025-64281
1Centralsquare
1Community Development
Dec 31, 2025
Nov 12, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
CVE-2025-64280
1Centralsquare
1Community Development
Dec 31, 2025
Nov 12, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
CVE-2025-29980
1Centralsquare
1Etrakit.net
Sep 23, 2025
Mar 20, 2025
9.3 CRITICAL· v4
9.8 CRITICAL· v3
N/A· v2
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recomm...Show more
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.Show less
CVE-2023-40362
1Centralsquare
1Click2gov Building Permit
Jun 20, 2025
Jan 12, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the us...Show more
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.Show less