RSS   Podatności dla 'Codoforum'   RSS

2020-09-14
 
CVE-2020-21845

CWE-79
 

 
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'

 
2020-01-07
 
CVE-2020-5842

CWE-79
 

 
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.

 
2020-01-05
 
CVE-2020-5306

CWE-79
 

 
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.

 
 
CVE-2020-5305

CWE-79
 

 
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.

 
2015-03-23
 
CVE-2014-9261

 

 
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top