163 matches found
CVE-2020-5305
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen...
CVE-2020-5306
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content...
CVE-2020-21845
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'...
CVE-2020-22539
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2020-25876
A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...
CVE-2020-25875
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
CVE-2020-25879
A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...
CVE-2020-22540
Stored Cross-Site Scripting XSS vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component...
CVE-2020-22540
Stored Cross-Site Scripting XSS vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component...
CVE-2020-22539
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2020-22539
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2020-22539
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...
PT-2024-10785 · Codoforum · Codoforum
Name of the Vulnerable Software and Affected Versions: Codoforum version 4.9 Description: An arbitrary file upload vulnerability in the Add Category function allows attackers to execute arbitrary code via uploading a crafted file. Recommendations: For Codoforum version 4.9, consider disabling the...
PT-2024-10786 · Codoforum · Codoforum
Name of the Vulnerable Software and Affected Versions: Codoforum version 4.9 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability, which allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the Category name component...
CVE-2020-22539
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2020-22540
Stored Cross-Site Scripting XSS vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component...
Codoforum 安全漏洞
Codoforum is a PHP and MySQL based forum software. A security vulnerability exists in Codoforum version v4.9, which stems from an arbitrary file upload vulnerability that could allow an attacker to execute arbitrary code by uploading a crafted file...
Codoforum 安全漏洞
Codoforum is a PHP and MySQL based forum software. A security vulnerability exists in Codoforum version v4.9, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload...
CVE-2020-22539
CVE-2020-22539 : An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code by uploading a crafted file. Multiple sources (NVD, Red Hat, CNNVD, CVE lists, PT Security) confirm the issue and affected product/version. The primary...
CVE-2020-22540
CVE-2020-22540 (Codoforum v4.9) is a stored XSS vulnerability in the Category name component. The NVD description, Red Hat advisory, and other connected sources consistently state that an attacker can execute arbitrary code and obtain sensitive information via a crafted payload. The CVSSv3.1 base...