CVE-2022-25317 — CVSS 6.1 (medium): An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
CVE-2022-25318 — CVSS 4.3 (medium): An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing…
CVE-2023-41363 — CVSS 4.3 (medium): In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.