Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown

CVE-2020-5305

Disclosure Date: January 05, 2020 (last updated February 21, 2025)
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-5306

Disclosure Date: January 05, 2020 (last updated February 21, 2025)
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2014-9261

Disclosure Date: March 23, 2015 (last updated October 05, 2023)
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
0
0
Attacker Value
Unknown

CVE-2013-5952

Disclosure Date: March 19, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php.
0
0
View More Topics  < Previous