Census Csweb vulnerabilities
4 known vulnerabilities affecting census/csweb.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-60947P2HIGHCVSS 8.8≥ 8.0.1, < 8.1.0 alpha2026-03-23
CVE-2025-60947 [HIGH] CWE-434 CVE-2025-60947: Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a mal
Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha.
nvd
CVE-2025-60946P3HIGHCVSS 8.8≥ 8.0.1, < 8.1.0 alpha2026-03-23
CVE-2025-60946 [HIGH] CWE-22 CVE-2025-60946: Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access u
Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated attacker could access unintended file directories. Fixed in 8.1.0 alpha.
nvd
CVE-2025-60949P3HIGHCVSS 7.5≥ 8.0.1, < 8.1.0 alpha2026-03-23
CVE-2025-60949 [HIGH] CWE-200 CVE-2025-60949: Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unaut
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha.
nvd
CVE-2025-60948P4MEDIUMCVSS 5.4≥ 8.0.1, < 8.1.0 alpha2026-03-23
CVE-2025-60948 [MEDIUM] CWE-79 CVE-2025-60948: Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticat
Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alpha.
nvd