6 matches found
EUVD-2020-28184
Malware in sbrugna...
EUVD-2020-28185
Malware in sbrugna...
CVE-2020-7050
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...
Design/Logic Flaw
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cooki...
CVE-2020-7050
Codoforum (Codologic) up to version 4.8.4 is affected by a DOM-based XSS vulnerability. The issue arises when a normal user creates a new topic and adds a poll, which is then automatically loaded in the DOM when the thread is opened. The description notes that session cookies lack the HttpOnly fl...
CVE-2020-7051
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover...