Lucene search
+L

6 matches found

EUVD
EUVD
added 2026/07/10 12:31 a.m.11 views

EUVD-2026-42739

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 10:7 p.m.11 views

CVE-2026-58144

Cotonti Siena

5.4CVSS6AI score0.00136EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.12 views

PT-2026-57003

Name of the Vulnerable Software and Affected Versions Cotonti Siena versions prior to 0.9.27 Description Authenticated users with PFS access can perform a stored cross-site scripting attack. This occurs when malicious HTML is supplied via the ntitle parameter, which is processed through the TXT...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:46 a.m.5 views

CVE-2026-55746

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS5.2AI score0.00171EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/18 6:46 a.m.27 views

CVE-2026-55746

Cotonti 1.0.0 (master, f43f1fc3) is affected by a stored XSS in the Personal File Storage (PFS) module. A folder title field (pff_title) is imported with the TXT filter, which does not strip/encode HTML because the tag check in cot_import is disabled. The title is assigned to the template variabl...

7.6CVSS5.3AI score0.00171EPSS
Exploits0References2
OSV
OSV
added 2024/02/05 10:16 p.m.8 views

CVE-2024-0691

The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to...

4.8CVSS7.4AI score0.00404EPSS
Exploits0References2
Rows per page
Query Builder