Lucene search
K

15 matches found

NVD
NVD
added 2026/06/18 8:16 a.m.13 views

CVE-2026-55744

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 8:16 a.m.16 views

CVE-2026-55745

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS0.00116EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 8:16 a.m.15 views

CVE-2026-55746

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS0.00171EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:46 a.m.4 views

CVE-2026-55746

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS5.2AI score0.00171EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 6:46 a.m.23 views

CVE-2026-55746 Cotonti stored XSS via PFS folder title

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 6:46 a.m.24 views

CVE-2026-55746

Cotonti 1.0.0 (master, f43f1fc3) is affected by a stored XSS in the Personal File Storage (PFS) module. A folder title field (pff_title) is imported with the TXT filter, which does not strip/encode HTML because the tag check in cot_import is disabled. The title is assigned to the template variabl...

7.6CVSS5.3AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 6:46 a.m.10 views

EUVD-2026-37858

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to stored Cross-Site Scripting in the Personal File Storage PFS module. A folder title pfftitle is imported with the 'TXT' filter, which does not strip or encode HTML the tag check in cotimport is disabled, so an authenticated user can...

7.6CVSS5.2AI score0.00171EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 6:7 a.m.8 views

EUVD-2026-37856

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS5.3AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:7 a.m.5 views

CVE-2026-55745

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS5.3AI score0.00116EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 6:7 a.m.21 views

CVE-2026-55745 Cotonti CSRF in PFS folder edit allows unauthorized folder modification

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.editfolder.php, the folder update action 'a=update' updates folder metadata title, description, public/gallery flags without calling cotcheckxg ...

5.4CVSS0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 6:7 a.m.16 views

CVE-2026-55745

CVE-2026-55745 affects Cotonti 1.0.0 (master, commit f43f1fc3) in the Personal File Storage (PFS) module. The vulnerability arises in modules/pfs/inc/pfs.editfolder.php, where the folder update action (a=update) updates metadata (title, description, public/gallery flags) without calling cot_check...

5.4CVSS5.4AI score0.00116EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 6:6 a.m.5 views

CVE-2026-55744

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS5.4AI score0.00177EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 6:6 a.m.21 views

CVE-2026-55744 Cotonti CSRF in PFS allows forced arbitrary file upload

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 6:6 a.m.21 views

CVE-2026-55744

Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in Personal File Storage (PFS). The file upload action (a=upload) in modules/pfs/inc/pfs.main.php does not call cot_check_xg() to validate the anti-CSRF token, unlike the delete action. A remote attacker could lure an authenticated use...

8.6CVSS5.5AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 6:6 a.m.10 views

EUVD-2026-37855

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

8.6CVSS5.4AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder