4 matches found
EUVD-2020-28185
Malware in sbrugna...
Cross site scripting
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover...
CVE-2020-7051
Codologic Codoforum is affected up to version 4.8.4 by a stored XSS in the login area. The root cause cited across sources is input handling that allows script execution, with an additional note that session cookies lack the HttpOnly flag, contributing to potential account takeover when an attack...
CVE-2020-5842
CVE-2020-5842 affects Codoforum up to version 4.8.4 (reported for 4.8.3) with cross-site scripting in the user registration page (username field) and observed payloads executed on admin pages. The issue is a stored XSS vulnerability in Codoforum’s login/registration flow. Connected documents also...