87 matches found
CVE-2026-55746
Cotonti 1.0.0 (master, f43f1fc3) is affected by a stored XSS in the Personal File Storage (PFS) module. A folder title field (pff_title) is imported with the TXT filter, which does not strip/encode HTML because the tag check in cot_import is disabled. The title is assigned to the template variabl...
CVE-2026-55745
CVE-2026-55745 affects Cotonti 1.0.0 (master, commit f43f1fc3) in the Personal File Storage (PFS) module. The vulnerability arises in modules/pfs/inc/pfs.editfolder.php, where the folder update action (a=update) updates metadata (title, description, public/gallery flags) without calling cot_check...
CVE-2026-55744
Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in Personal File Storage (PFS). The file upload action (a=upload) in modules/pfs/inc/pfs.main.php does not call cot_check_xg() to validate the anti-CSRF token, unlike the delete action. A remote attacker could lure an authenticated use...
CVE-2026-55742
Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in system/admin/admin.rights.php while performing the update action (a=update). The code path updates group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate an anti-CSRF token. A remote attack...
CVE-2026-55741
Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the admin configuration handler. The vulnerability occurs in system/admin/admin.config.php where the update action (a=update) processes POST data via cot_config_update_options() without calling cot_check_xg() t...
CVE-2021-47808
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
CVE-2021-47808
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
CVE-2021-47808
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
Cotonti Siena security vulnerabilities
Cotonti Siena is a powerful open-source web development framework and content manager developed by Cotonti. Version 0.9.19 of Cotonti Siena contains a security vulnerability. This vulnerability stems from the site title parameters in the administrator configuration panel, which contain stored...
CVE-2021-47808 Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
CVE-2021-47808
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
CVE-2021-47808 Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
CVE-2021-47808
CVE-2021-47808 relates to Cotonti Siena 0.9.19, exposing a stored cross-site scripting (XSS) vulnerability in the admin configuration panel’s site title parameter. The issue allows injection of JavaScript through the ‘maintitle’ field, enabling script execution when administrators view the page. ...
PT-2026-3178
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
EUVD-2013-4635
Malware in sbrugna...
EUVD-2024-21539
Malicious code in bioql PyPI...
EUVD-2022-42285
Malicious code in bioql PyPI...
EUVD-2022-42284
Malicious code in bioql PyPI...
EUVD-2025-16662
Malicious code in bioql PyPI...
CVE-2025-44115
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config=edit=core=title. The manipulation of the value of title leads to cross-site scripting...