Lucene search
K

163 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:42 p.m.6 views

CVE-2020-5305

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen...

4.8CVSS6AI score0.00572EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 p.m.8 views

CVE-2020-5306

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content...

4.8CVSS5.9AI score0.0112EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:56 p.m.3 views

CVE-2020-21845

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'...

6.1CVSS7.2AI score0.00827EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.9 views

CVE-2020-22539

An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...

7.2CVSS7.9AI score0.0086EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.11 views

CVE-2020-25876

A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...

5.4CVSS5.5AI score0.00454EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.8 views

CVE-2020-25875

A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...

5.4CVSS5.5AI score0.00507EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.10 views

CVE-2020-25879

A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...

5.4CVSS5.4AI score0.00454EPSS
Exploits1
NVD
NVD
added 2024/04/15 11:15 p.m.19 views

CVE-2020-22540

Stored Cross-Site Scripting XSS vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component...

5.4CVSS5.6AI score0.00425EPSS
Exploits1References1
OSV
OSV
added 2024/04/15 11:15 p.m.2 views

CVE-2020-22540

Stored Cross-Site Scripting XSS vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component...

5.4CVSS6.1AI score0.00425EPSS
Exploits1References1
NVD
NVD
added 2024/04/15 10:15 p.m.21 views

CVE-2020-22539

An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...

7.2CVSS7.4AI score0.0086EPSS
Exploits1References1
OSV
OSV
added 2024/04/15 10:15 p.m.7 views

CVE-2020-22539

An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...

7.2CVSS6.1AI score0.0086EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/15 12:0 a.m.20 views

CVE-2020-22539

An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...

7.4AI score0.0086EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.6 views

PT-2024-10785 · Codoforum · Codoforum

Name of the Vulnerable Software and Affected Versions: Codoforum version 4.9 Description: An arbitrary file upload vulnerability in the Add Category function allows attackers to execute arbitrary code via uploading a crafted file. Recommendations: For Codoforum version 4.9, consider disabling the...

7.2CVSS8.2AI score0.0086EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/04/15 12:0 a.m.5 views

PT-2024-10786 · Codoforum · Codoforum

Name of the Vulnerable Software and Affected Versions: Codoforum version 4.9 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability, which allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the Category name component...

5.4CVSS6.2AI score0.00425EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/04/15 12:0 a.m.10 views

CVE-2020-22539

An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...

7.8AI score0.0086EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/15 12:0 a.m.19 views

CVE-2020-22540

Stored Cross-Site Scripting XSS vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component...

5.6AI score0.00425EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

Codoforum 安全漏洞

Codoforum is a PHP and MySQL based forum software. A security vulnerability exists in Codoforum version v4.9, which stems from an arbitrary file upload vulnerability that could allow an attacker to execute arbitrary code by uploading a crafted file...

7.2CVSS7.6AI score0.0086EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

Codoforum 安全漏洞

Codoforum is a PHP and MySQL based forum software. A security vulnerability exists in Codoforum version v4.9, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload...

5.4CVSS6.1AI score0.00425EPSS
Exploits1References2
CVE
CVE
added 2024/04/15 12:0 a.m.61 views

CVE-2020-22539

CVE-2020-22539 : An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code by uploading a crafted file. Multiple sources (NVD, Red Hat, CNNVD, CVE lists, PT Security) confirm the issue and affected product/version. The primary...

7.2CVSS7.7AI score0.0086EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/04/15 12:0 a.m.57 views

CVE-2020-22540

CVE-2020-22540 (Codoforum v4.9) is a stored XSS vulnerability in the Category name component. The NVD description, Red Hat advisory, and other connected sources consistently state that an attacker can execute arbitrary code and obtain sensitive information via a crafted payload. The CVSSv3.1 base...

5.4CVSS5.8AI score0.00425EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder