Vulnerabilities and security researches forconnector-civicrm-mcrestface connector-civicrm-mcrestface

Apr 01, 2025

CVE, Research URL: CVE-2025-31618
Home page URL: Security reports for Connector to CiviCRM with CiviMcRestFace
Application: Connector to CiviCRM with CiviMcRestFace
Date: Mar 31, 2025
Research Description: Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.9.
Affected versions: Min -, max -.
Status: vulnerable

Apr 13, 2025

CVE, Research URL: CVE-2025-32551
Home page URL: Security reports for Connector to CiviCRM with CiviMcRestFace
Application: Connector to CiviCRM with CiviMcRestFace
Date: Apr 11, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Reflected XSS. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.8.
Affected versions: Min -, max -.
Status: vulnerable