Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/tendenci@5.1.424

Type pypi

Namespace

Name tendenci

Version 5.1.424

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-2ebt-9h6c-gbfk

vulnerability_id VCID-2ebt-9h6c-gbfk

summary Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36962

reference_id

reference_type

scores

value	0.00347
scoring_system	epss
scoring_elements	0.57657
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36962

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2026-136.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2026-136.yaml

reference_url

https://github.com/tendenci/tendenci/commit/3e37622cac81440c5a1f97c39f112a2cf4a5450c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tendenci/tendenci/commit/3e37622cac81440c5a1f97c39f112a2cf4a5450c

reference_url

https://www.tendenci.com

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.tendenci.com

reference_url

https://www.exploit-db.com/exploits/49145

reference_id

49145

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-28T20:01:26Z/

url

https://www.exploit-db.com/exploits/49145

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36962

reference_id

CVE-2020-36962

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36962

reference_url

https://github.com/advisories/GHSA-4q3w-jgfx-4792

reference_id

GHSA-4q3w-jgfx-4792

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

url

https://github.com/advisories/GHSA-4q3w-jgfx-4792

reference_url

https://github.com/tendenci/tendenci

reference_id

tendenci

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-28T20:01:26Z/

url

https://github.com/tendenci/tendenci

reference_url

https://www.vulncheck.com/advisories/tendenci-csv-formula-injection

reference_id

tendenci-csv-formula-injection

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-28T20:01:26Z/

url

https://www.vulncheck.com/advisories/tendenci-csv-formula-injection

reference_url

https://www.tendenci.com/

reference_id

www.tendenci.com

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-28T20:01:26Z/

url

https://www.tendenci.com/

fixed_packages

url pkg:pypi/tendenci@12.3.2

purl pkg:pypi/tendenci@12.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3b72-f562-ebf6

vulnerability	VCID-6mhn-v935-yueh

vulnerability	VCID-j1rj-1cxs-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tendenci@12.3.2

aliases CVE-2020-36962, GHSA-4q3w-jgfx-4792, PYSEC-2026-136

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ebt-9h6c-gbfk

url VCID-3b72-f562-ebf6

vulnerability_id VCID-3b72-f562-ebf6

summary Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vulnerability allows Remote Code Execution (RCE) by an authenticated user with staff security level due to using Python's pickle module in helpdesk /reports/. The original CVE-2020-14942 was incompletely patched. While ticket_list() was fixed to use safe JSON deserialization, the run_report() function still uses unsafe pickle.loads(). The impact is limited to the permissions of the user running the application, typically www-data, which generally lacks write (except for upload directories) and execute permissions. This issue has been fixed in version 15.3.12.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23946

reference_id

reference_type

scores

value	0.00658
scoring_system	epss
scoring_elements	0.71533
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23946

reference_url

https://github.com/tendenci/tendenci/commit/23d9fd85ab7654e9c83cfc86cb4175c0bd7a77f1

reference_id

23d9fd85ab7654e9c83cfc86cb4175c0bd7a77f1

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://github.com/tendenci/tendenci/commit/23d9fd85ab7654e9c83cfc86cb4175c0bd7a77f1

reference_url

https://github.com/tendenci/tendenci/commit/2ff0a457614944a1b417081c543ea4c5bb95d636

reference_id

2ff0a457614944a1b417081c543ea4c5bb95d636

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://github.com/tendenci/tendenci/commit/2ff0a457614944a1b417081c543ea4c5bb95d636

reference_url

https://github.com/tendenci/tendenci/commit/63e1b84a5b163466d1d8d811d35e7021a7ca0d0e

reference_id

63e1b84a5b163466d1d8d811d35e7021a7ca0d0e

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://github.com/tendenci/tendenci/commit/63e1b84a5b163466d1d8d811d35e7021a7ca0d0e

reference_url

https://github.com/tendenci/tendenci/issues/867

reference_id

867

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://github.com/tendenci/tendenci/issues/867

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14942

reference_id

CVE-2020-14942

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14942

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-23946

reference_id

CVE-2026-23946

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-23946

reference_url

https://github.com/advisories/GHSA-339m-4qw5-j2g3

reference_id

GHSA-339m-4qw5-j2g3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-339m-4qw5-j2g3

reference_url

https://github.com/tendenci/tendenci/security/advisories/GHSA-339m-4qw5-j2g3

reference_id

GHSA-339m-4qw5-j2g3

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://github.com/tendenci/tendenci/security/advisories/GHSA-339m-4qw5-j2g3

reference_url

https://github.com/advisories/GHSA-jqmc-fxxp-r589

reference_id

GHSA-jqmc-fxxp-r589

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://github.com/advisories/GHSA-jqmc-fxxp-r589

reference_url

https://docs.python.org/3/library/pickle.html#restricting-globals

reference_id

pickle.html#restricting-globals

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://docs.python.org/3/library/pickle.html#restricting-globals

reference_url

https://github.com/tendenci/tendenci/releases/tag/v15.3.12

reference_id

v15.3.12

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-22T21:50:36Z/

url

https://github.com/tendenci/tendenci/releases/tag/v15.3.12

fixed_packages

url pkg:pypi/tendenci@15.3.12

purl pkg:pypi/tendenci@15.3.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j1rj-1cxs-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tendenci@15.3.12

aliases CVE-2026-23946, GHSA-339m-4qw5-j2g3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3b72-f562-ebf6

url VCID-6mhn-v935-yueh

vulnerability_id VCID-6mhn-v935-yueh

summary A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-70959

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05448
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-70959

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2026-137.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2026-137.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-70959

reference_id

CVE-2025-70959

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-70959

reference_url

https://github.com/advisories/GHSA-g7hj-29xq-r64w

reference_id

GHSA-g7hj-29xq-r64w

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g7hj-29xq-r64w

reference_url

https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md

reference_id

Readme.md

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T14:45:56Z/

url

https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md

fixed_packages

url pkg:pypi/tendenci@15.3.8

purl pkg:pypi/tendenci@15.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3b72-f562-ebf6

vulnerability	VCID-j1rj-1cxs-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tendenci@15.3.8

aliases CVE-2025-70959, GHSA-g7hj-29xq-r64w, PYSEC-2026-137

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mhn-v935-yueh

url VCID-auqn-yf4t-sbhq

vulnerability_id VCID-auqn-yf4t-sbhq

summary Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14942

reference_id

reference_type

scores

value	0.00405
scoring_system	epss
scoring_elements	0.61456
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14942

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2020-112.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tendenci/PYSEC-2020-112.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14942

reference_id

CVE-2020-14942

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14942

reference_url

https://github.com/advisories/GHSA-jqmc-fxxp-r589

reference_id

GHSA-jqmc-fxxp-r589

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jqmc-fxxp-r589

fixed_packages

url pkg:pypi/tendenci@12.0.11

purl pkg:pypi/tendenci@12.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ebt-9h6c-gbfk

vulnerability	VCID-3b72-f562-ebf6

vulnerability	VCID-6mhn-v935-yueh

vulnerability	VCID-j1rj-1cxs-uudq

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tendenci@12.0.11

aliases CVE-2020-14942, GHSA-jqmc-fxxp-r589, PYSEC-2020-112

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auqn-yf4t-sbhq

url

VCID-j1rj-1cxs-uudq

vulnerability_id

VCID-j1rj-1cxs-uudq

summary

A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-70960

reference_id

reference_type

scores