Webcit Security Vulnerabilities and Issues — Webcit CVE List

Lucene search

CitadelWebcit

9 matches found

CVE•added 2009/03/26 5:50 a.m.•42 views

CVE-2009-0364

Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.

7.5CVSS7.6AI score0.01625EPSS

CVE•added 2020/10/28 7:15 p.m.•39 views

CVE-2020-27739

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

9.8CVSS9.4AI score0.02227EPSS

CVE•added 2007/07/17 1:30 a.m.•36 views

CVE-2007-3822

Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.

2.6CVSS5.7AI score0.07069EPSS

CVE•added 2023/05/29 7:15 p.m.•36 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker...

3.7CVSS4.3AI score0.0009EPSS

CVE•added 2023/05/29 7:15 p.m.•35 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.

5.9CVSS5.7AI score0.00318EPSS

CVE•added 2007/07/17 1:30 a.m.•34 views

CVE-2007-3821

Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.

7.5CVSS7AI score0.0103EPSS

CVE•added 2020/10/28 7:15 p.m.•33 views

CVE-2020-27742

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...

6.5CVSS6.3AI score0.00161EPSS

CVE•added 2020/10/28 7:15 p.m.•31 views

CVE-2020-27740

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

5.3CVSS5.4AI score0.00409EPSS

CVE•added 2020/10/28 7:15 p.m.•29 views

CVE-2020-27741

Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

6.1CVSS6.1AI score0.00336EPSS