Package impact
PyPI / tendenci
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-70960 | unknown | — | — |  |  |  | 4mo ago | A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. |
| CVE-2025-70959 | unknown | — | — |  |  |  | 4mo ago | A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. |
| CVE-2020-36962 | unknown | — | — |  |  |  | 4mo ago | Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payload… |
| CVE-2026-23946 | unknown | — | — |  |  |  | 5mo ago | Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization |
| CVE-2020-14942 | unknown | — | — |  |  |  | 5y ago | Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. |