4 matches found
CVE-2020-25876
A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...
CVE-2020-25875
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
CVE-2020-25875
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
CVE-2020-25879
CVE-2020-25879 is a stored XSS vulnerability in Codoforum v5.0.2, exploitable via the Username field in the Manage Users feature. An authenticated attacker can inject and execute arbitrary scripts/HTML. The CVSS data in the initial document shows a base score of 5.4 (CVSS‑3.1) with Network access...