RSS   Podatności dla 'Codoforum'   RSS

2022-07-07
 
CVE-2022-31854

CWE-434
 

 
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.

 
2021-07-09
 
CVE-2020-25875

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.

 
 
CVE-2020-25876

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.

 
 
CVE-2020-25879

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter.

 
2021-05-12
 
CVE-2020-13873

CWE-89
 

 
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)

 
2020-02-16
 
CVE-2020-9007

CWE-79
 

 
Codoforum 4.8.8 allows self-XSS via the title of a new topic.

 
2020-02-15
 
CVE-2020-7050

CWE-79
 

 
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.

 
2020-02-13
 
CVE-2020-7051

CWE-79
 

 
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.

 
2020-01-07
 
CVE-2020-5843

CWE-79
 

 
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.

 

 >>> Vendor: Codologic 2 Produkty
Com freichat
Codoforum


Copyright 2024, cxsecurity.com

 

Back to Top