Lucene search
K

54 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42736

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42739

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6AI score0.00136EPSS
Exploits0References2
NVD
NVD
added 6 days ago5 views

CVE-2026-58144

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS0.00136EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-58144

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-58144

Cotonti Siena

5.4CVSS6AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago8 views

CVE-2026-58144 Cotonti Siena 0.9.26 Stored XSS via PFS Module ntitle Parameter

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6.2AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-58144 Cotonti Siena 0.9.26 Stored XSS via PFS Module ntitle Parameter

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-58143 Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS0.00175EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 6 days ago8 views

CVE-2026-58143 Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.3AI score0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
CVE
CVE
added 6 days ago13 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier are affected by a cross-site request forgery via the admin.php config update endpoint. The vulnerability lets an unauthenticated attacker trick a logged-in administrator into submitting a forged POST request, bypassing CSRF validation. Attackers can disable the PF...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57002

Name of the Vulnerable Software and Affected Versions Cotonti Siena versions prior to 0.9.27 Description A cross-site request forgery CSRF issue exists where unauthenticated attackers can modify administrator configurations. This occurs because the admin.php config update handler does not invoke...

8.8CVSS6.3AI score0.00175EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/16 11:31 p.m.4 views

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

5.4CVSS6.3AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2026/01/16 12:16 a.m.4 views

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

5.4CVSS0.00238EPSS
Exploits1References4
OSV
OSV
added 2026/01/16 12:16 a.m.5 views

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

5.1CVSS5.9AI score
Exploits0References4
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Cotonti Siena security vulnerabilities

Cotonti Siena is a powerful open-source web development framework and content manager developed by Cotonti. Version 0.9.19 of Cotonti Siena contains a security vulnerability. This vulnerability stems from the site title parameters in the administrator configuration panel, which contain stored...

5.4CVSS5.5AI score0.00238EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/15 11:25 p.m.28 views

CVE-2021-47808 Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

5.4CVSS0.00238EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/15 11:25 p.m.1 views

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

5.4CVSS5.1AI score0.00238EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/15 11:25 p.m.1 views

CVE-2021-47808 Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

5.4CVSS5.9AI score0.00238EPSS
Exploits1References4
Rows per page
Query Builder