144 matches found
CVE-2024-26557
Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter...
Codiad security vulnerability
Codiad is a website builder from the Codiad team that provides Web-based IDE functionality. A security vulnerability exists in Codiad v2.8.4, which stems from a reflected cross-site scripting (XSS) vulnerability in the type parameter of the component components/market/dialog.php...
CVE-2024-26557
CVE-2024-26557 affects Codiad v2.8.4 and is a reflected XSS in the parameter type of the endpoint components/market/dialog.php. The root cause is likely unsanitized or insufficiently validated user input in the type parameter, enabling reflected script execution in the web UI. Documented impact i...
PT-2024-21421 · Codiad · Codiad
Name of the Vulnerable Software and Affected Versions: Codiad version 2.8.4. Description: The issue allows reflected XSS via the type parameter in the "components/market/dialog.php" endpoint. This can lead to remote execution. There is no information about the estimated number of potentially...
Codiad information disclosure vulnerability
A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. Upgrading to version...
GHSA-2Q79-56RQ-8V3C Codiad information disclosure vulnerability
A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. Upgrading to version...
CVE-2017-20178
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched...
Information disclosure
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched...
CVE-2017-20178 Codiad process.php saveJSON information disclosure
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched...
CVE-2017-20178
The CVE-2017-20178 vulnerability affects Codiad 2.8.0 and is due to improper handling in the saveJSON function within components/install/process.php, where manipulating the data parameter leads to information disclosure. The issue can be triggered remotely, with a relatively high remote attack ve...
Codiad information disclosure vulnerability
Codiad is a website builder from the Codiad team that provides Web-based IDE functionality. An information disclosure vulnerability exists in Codiad version 2.8.0, which stems from a problem with the saveJSON function in the file components/install/process.php, where manipulation of the parameter...
PT-2023-10629 · Codiad · Codiad
Name of the Vulnerable Software and Affected Versions: Codiad version 2.8.0. Description: A vulnerability was found in the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The...
GHSA-8FHH-HF9W-55P7 Codiad Vulnerable to PHP Magic Hash Vulnerability
Codiad 2.8.4 /components/user/class.user.php:Authenticate is vulnerable to a magic hash authentication bypass. If the encrypted or hashed value of a password takes certain magic hash formats, e.g. 0e123, another hash value 0e234something can successfully authenticate...
Codiad Vulnerable to PHP Magic Hash Vulnerability
Codiad 2.8.4 /components/user/class.user.php:Authenticate is vulnerable to a magic hash authentication bypass. If the encrypted or hashed value of a password takes certain magic hash formats, e.g. 0e123, another hash value 0e234something can successfully authenticate...
GHSA-G2X4-256V-5PVX Codiad Cross-site Scripting Vulnerability
A Cross-Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...
Codiad Cross-site Scripting Vulnerability
A Cross-Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...
GHSA-35GP-JXW8-XW6H Codiad CSRF Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request withou...