Aggregates CVE and security vulnerability intelligence across all centralsquare-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-59491 | Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields. | [email protected] | 6.1 | 0.17% | 2025-11-12 | 2025-12-31 |
| CVE-2025-64281 | An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. | [email protected] | 9.8 | 0.40% | 2025-11-12 | 2025-12-31 |
| CVE-2025-64280 | A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. | [email protected] | 9.8 | 0.30% | 2025-11-12 | 2025-12-31 |
| CVE-2025-29980 | A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.3 | 0.52% | 2025-03-20 | 2025-09-23 |
| CVE-2023-40362 | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known. | [email protected] | 4.3 | 0.67% | 2024-01-12 | 2025-06-20 |