Centralsquare: Security Vulnerabilities
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-12
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-11-12
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-12
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.
CVSS Score
9.3
EPSS Score
0.001
Published
2025-03-20
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
CVSS Score
4.3
EPSS Score
0.061
Published
2024-01-12