tendenci CVE Vulnerabilities & CVE List (6)

Products (CPE): — CVEs: 6

tendenci vulnerability overview

Aggregates CVE and security vulnerability intelligence across all tendenci-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface production workloads scenarios.

Vulnerability distribution trend (last 24 months)

Showing 16 of 6 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-70960 A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. [email protected] 5.4 0.24% 2026-02-02 2026-06-17
CVE-2025-70959 A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. [email protected] 5.4 0.24% 2026-02-02 2026-06-17
CVE-2020-36962 Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications. [email protected] 5.3 10.68% 2026-01-28 2026-06-16
CVE-2026-23946 Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vulnerability allows Remote Code Execution (RCE) by an authenticated user with staff security level due to using Python's pickle module in helpdesk /reports/. The original CVE-2020-14942 was incompletely patched. While ticket_list() was fixed to use [email protected] 6.8 0.66% 2026-01-21 2026-06-17
CVE-2020-14942 Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. [email protected] 9.8 1.31% 2020-06-21 2026-06-16
CVE-2008-0793 Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affecte [email protected] 4.3 1.06% 2008-02-14 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence