Lucene search
K

163 matches found

OSV
OSV
added 2021/07/09 10:15 p.m.4 views

CVE-2020-25875

A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...

5.4CVSS5.6AI score0.00507EPSS
Exploits1References2
Prion
Prion
added 2021/07/09 10:15 p.m.23 views

Cross site scripting

A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...

3.5CVSS5.3AI score0.00507EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/07/09 10:15 p.m.12 views

Cross site scripting

A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...

3.5CVSS5.3AI score0.00454EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/07/09 10:15 p.m.19 views

Cross site scripting

A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...

3.5CVSS5.2AI score0.00454EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/07/09 9:56 p.m.25 views

CVE-2020-25875

A stored cross site scripting XSS vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter...

5.3AI score0.00507EPSS
Exploits1References2
CVE
CVE
added 2021/07/09 9:56 p.m.72 views

CVE-2020-25875

CVE-2020-25875 affects Codoforum v5.0.2, where a stored XSS exists in the Smileys feature. The vulnerability occurs via crafted payloads in the Smiley Code parameter, and is exploitable by authenticated attackers to execute web scripts or HTML in the context of the affected forum. The connected d...

5.4CVSS5.3AI score0.00507EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/07/09 9:56 p.m.26 views

CVE-2020-25876

A stored cross site scripting XSS vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter...

5.3AI score0.00454EPSS
Exploits1References2
CVE
CVE
added 2021/07/09 9:56 p.m.71 views

CVE-2020-25876

The CVE-2020-25876 entry concerns Codoforum v5.0.2 with a stored XSS vulnerability in the Pages feature. The issue allows authenticated attackers to inject arbitrary web scripts or HTML via the Page Title parameter, implying a stored payload that could execute in victims’ browsers when loading a ...

5.4CVSS5.3AI score0.00454EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/07/09 9:55 p.m.15 views

CVE-2020-25879

A stored cross site scripting XSS vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter...

5.3AI score0.00454EPSS
Exploits1References2
CVE
CVE
added 2021/07/09 9:55 p.m.73 views

CVE-2020-25879

CVE-2020-25879 is a stored XSS vulnerability in Codoforum v5.0.2, exploitable via the Username field in the Manage Users feature. An authenticated attacker can inject and execute arbitrary scripts/HTML. The CVSS data in the initial document shows a base score of 5.4 (CVSS‑3.1) with Network access...

5.4CVSS5.2AI score0.00454EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/07/09 12:0 a.m.4 views

Codoforum 跨站脚本漏洞

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload with the "Smiley Code" parameter...

5.4CVSS5.6AI score0.00507EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/07/09 12:0 a.m.6 views

Codoforum 跨站脚本漏洞

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Manage Users" parameter...

5.4CVSS5.5AI score0.00454EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/07/09 12:0 a.m.9 views

Codoforum 跨站脚本漏洞

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Pages" parameter...

5.4CVSS5.5AI score0.00454EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/06/29 12:0 a.m.7 views

The vulnerability of the get_topic_info() function (sys/CODOF/Forum/Topic.php) in the Codoforum forum creation software allows a violator to execute arbitrary code.

The vulnerability of the gettopicinfo function sys/CODOF/Forum/Topic.php in the Codoforum forum creation software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system remotely...

10CVSS8.3AI score0.04915EPSS
Exploits1References7Affected Software1
CNVD
CNVD
added 2021/05/13 12:0 a.m.7 views

Codoforum SQL Injection Vulnerability

Codoforum is a free forum package built with PHP and MySQL. A SQL injection vulnerability exists in the gettopicinfo function in sys/CODOF/Forum/Topic.php in Codoforum versions prior to 4.9. A remote attacker can exploit this vulnerability to bypass the administrator page via a leaked administrat...

10CVSS8AI score0.04915EPSS
Exploits1References1
NVD
NVD
added 2021/05/12 12:15 p.m.23 views

CVE-2020-13873

A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...

10CVSS0.04915EPSS
Exploits1References6
OSV
OSV
added 2021/05/12 12:15 p.m.6 views

CVE-2020-13873

A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...

9.8CVSS7.7AI score0.04915EPSS
Exploits1References6
Cvelist
Cvelist
added 2021/05/12 11:42 a.m.15 views

CVE-2020-13873

A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...

10AI score0.04915EPSS
Exploits1References6
CVE
CVE
added 2021/05/12 11:42 a.m.46 views

CVE-2020-13873

Codoforum

10CVSS10AI score0.04915EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2021/05/12 12:0 a.m.5 views

Codoforum SQL注入漏洞

Codoforum is a free forum package built with PHP and MySQL. A SQL injection vulnerability exists in the gettopicinfo function in sys/CODOF/Forum/Topic.php in Codoforum versions prior to 4.9. A remote attacker can exploit this vulnerability to bypass the administrator page via a leaked administrat...

10CVSS6AI score0.04915EPSS
Exploits1References7
Rows per page
Query Builder