Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2024-32086

Disclosure Date: April 16, 2024 (last updated April 17, 2024)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1.
0
0
Attacker Value
Unknown

CVE-2024-32085

Disclosure Date: April 15, 2024 (last updated July 12, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0.
0
0
Attacker Value
Unknown

CVE-2023-44272

Disclosure Date: October 04, 2023 (last updated October 11, 2023)
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-1293

Disclosure Date: August 01, 2022 (last updated October 08, 2023)
The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2011-1756

Disclosure Date: June 21, 2011 (last updated October 04, 2023)
modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
0
0
Attacker Value
Unknown

CVE-2008-3930

Disclosure Date: September 04, 2008 (last updated October 04, 2023)
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
0
0