163 matches found
CVE-2020-25875
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...
Cross site scripting
A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...
CVE-2020-25875
A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...
CVE-2020-25875
CVE-2020-25875 affects Codoforum v5.0.2, where a stored XSS exists in the Smileys feature. The vulnerability occurs via crafted payloads in the Smiley Code parameter, and is exploitable by authenticated attackers to execute web scripts or HTML in the context of the affected forum. The connected d...
CVE-2020-25876
A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...
CVE-2020-25876
The CVE-2020-25876 entry concerns Codoforum v5.0.2 with a stored XSS vulnerability in the Pages feature. The issue allows authenticated attackers to inject arbitrary web scripts or HTML via the Page Title parameter, implying a stored payload that could execute in victims’ browsers when loading a ...
CVE-2020-25879
A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...
CVE-2020-25879
CVE-2020-25879 is a stored XSS vulnerability in Codoforum v5.0.2, exploitable via the Username field in the Manage Users feature. An authenticated attacker can inject and execute arbitrary scripts/HTML. The CVSS data in the initial document shows a base score of 5.4 (CVSS‑3.1) with Network access...
Codoforum 跨站脚本漏洞
Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload with the "Smiley Code" parameter...
Codoforum 跨站脚本漏洞
Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Manage Users" parameter...
Codoforum 跨站脚本漏洞
Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Pages" parameter...
The vulnerability of the get_topic_info() function (sys/CODOF/Forum/Topic.php) in the Codoforum forum creation software allows a violator to execute arbitrary code.
The vulnerability of the gettopicinfo function sys/CODOF/Forum/Topic.php in the Codoforum forum creation software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system remotely...
Codoforum SQL Injection Vulnerability
Codoforum is a free forum package built with PHP and MySQL. A SQL injection vulnerability exists in the gettopicinfo function in sys/CODOF/Forum/Topic.php in Codoforum versions prior to 4.9. A remote attacker can exploit this vulnerability to bypass the administrator page via a leaked administrat...
CVE-2020-13873
A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...
CVE-2020-13873
A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...
CVE-2020-13873
A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...
CVE-2020-13873
Codoforum
Codoforum SQL注入漏洞
Codoforum is a free forum package built with PHP and MySQL. A SQL injection vulnerability exists in the gettopicinfo function in sys/CODOF/Forum/Topic.php in Codoforum versions prior to 4.9. A remote attacker can exploit this vulnerability to bypass the administrator page via a leaked administrat...