A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim...
CVSS: 5.4, AI Score: 5.9, EPSS: 0.001
The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra...
CVSS: 6.1, AI Score: 6.2, EPSS: 0.001
modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue....
AI Score: 6.7, EPSS: 0.034