4 matches found
CVE-2020-25879
A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...
Codoforum cross-site scripting vulnerability (CNVD-2021-50177)
Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Pages" parameter...
Codoforum SQL Injection Vulnerability
Codoforum is a free forum package built with PHP and MySQL. A SQL injection vulnerability exists in the gettopicinfo function in sys/CODOF/Forum/Topic.php in Codoforum versions prior to 4.9. A remote attacker can exploit this vulnerability to bypass the administrator page via a leaked administrat...
Design/Logic Flaw
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'...