Codologic Codoforum

15 matches found

CVE
added 2022/07/07 12:54 p.m., 114 views

CVE-2022-31854

Codoforum v5.1 contains an arbitrary file upload vulnerability exploitable via the logo-change option in the admin panel. The underlying flaw allows uploading files that can be executed on the server, potentially enabling remote code execution after authentication. Public exploit materials and re...

CVSS 7.2, AI score 7, EPSS 0.82601
Web
CVE
added 2020/02/15 5:52 p.m., 92 views

CVE-2020-7050

Codoforum (Codologic) up to version 4.8.4 is affected by a DOM-based XSS vulnerability. The issue arises when a normal user creates a new topic and adds a poll, which is then automatically loaded in the DOM when the thread is opened. The description notes that session cookies lack the HttpOnly fl...

CVSS 5.4, AI score 5.6, EPSS 0.00182
CVE
added 2020/01/07 7:17 p.m., 88 views

CVE-2020-5842

CVE-2020-5842 affects Codoforum up to version 4.8.4 (reported for 4.8.3) with cross-site scripting in the user registration page (username field) and observed payloads executed on admin pages. The issue is a stored XSS vulnerability in Codoforum’s login/registration flow. Connected documents also...

CVSS 6.1, AI score 5.9, EPSS 0.01819
Web
CVE
added 2020/02/16 7:8 p.m., 77 views

CVE-2020-9007

CVE-2020-9007 affects Codoforum 4.8.8. The issue is a self-XSS vulnerability in the title of a new topic, stemming from insufficient validation of client-side data by the web application (CNVD/CVEs describe it as a cross-site scripting flaw). Practical impact is client-side code execution within ...

CVSS 5.4, AI score 5.5, EPSS 0.00281
CVE
added 2020/01/05 10:26 p.m., 72 views

CVE-2020-5305

CVE-2020-5305 affects Codoforum 4.8.3, exposing a cross‑site scripting (XSS) vulnerability in the admin dashboard via the name field when creating a new user on the Manage Users screen. Public sources consistently describe the issue as a lack of proper validation of client‑side data, enabling inj...

CVSS 4.8, AI score 4.8, EPSS 0.00346
CVE
added 2020/01/05 10:32 p.m., 72 views

CVE-2020-5306

CVE-2020-5306 affects Codoforum 4.8.3, with a cross-site scripting (XSS) vulnerability that can be triggered by a post using parameters such as display name, title name, or content. The connected documents confirm the vulnerable component (Codoforum 4.8.3) and the XSS class, but do not provide...

CVSS 4.8, AI score 4.8, EPSS 0.00383
CVE
added 2021/07/09 9:55 p.m., 69 views

CVE-2020-25879

CVE-2020-25879 is a stored XSS vulnerability in Codoforum v5.0.2, exploitable via the Username field in the Manage Users feature. An authenticated attacker can inject and execute arbitrary scripts/HTML. The CVSS data in the initial document shows a base score of 5.4 (CVSS‑3.1) with Network access...

CVSS 5.4, AI score 5.2, EPSS 0.00287
CVE
added 2021/07/09 9:56 p.m., 67 views

CVE-2020-25875

CVE-2020-25875 affects Codoforum v5.0.2, where a stored XSS exists in the Smileys feature. The vulnerability occurs via crafted payloads in the Smiley Code parameter, and is exploitable by authenticated attackers to execute web scripts or HTML in the context of the affected forum. The connected d...

CVSS 5.4, AI score 5.3, EPSS 0.00287
CVE
added 2021/07/09 9:56 p.m., 64 views

CVE-2020-25876

The CVE-2020-25876 entry concerns Codoforum v5.0.2 with a stored XSS vulnerability in the Pages feature. The issue allows authenticated attackers to inject arbitrary web scripts or HTML via the Page Title parameter, implying a stored payload that could execute in victims’ browsers when loading a ...

CVSS 5.4, AI score 5.3, EPSS 0.00287
CVE
added 2024/04/15 12:0 a.m., 51 views

CVE-2020-22539

CVE-2020-22539: An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code by uploading a crafted file. Multiple sources (NVD, Red Hat, CNNVD, CVE lists, PT Security) confirm the issue and affected product/version. The primary...

CVSS 7.2, AI score 7.7, EPSS 0.00133
CVE
added 2024/04/15 12:0 a.m., 50 views

CVE-2020-22540

CVE-2020-22540 (Codoforum v4.9) is a stored XSS vulnerability in the Category name component. The NVD description, Red Hat advisory, and other connected sources consistently state that an attacker can execute arbitrary code and obtain sensitive information via a crafted payload. The CVSSv3.1 base...

CVSS 5.4, AI score 5.8, EPSS 0.00202
CVE
added 2020/01/07 12:51 p.m., 48 views

CVE-2020-5843

Summary: CVE-2020-5843 affects Codoforum 4.8.3 and is a cross-site scripting (XSS) vulnerability. Multiple sources (NVD entry) describe that an XSS can be triggered in the admin dashboard via the Categories on the Manage Users screen. The vulnerability is characterized as an injection/reflective ...

CVSS 4.8, AI score 4.8, EPSS 0.00346
CVE
added 2020/02/13 3:43 p.m., 48 views

CVE-2020-7051

Codologic Codoforum is affected up to version 4.8.4 by a stored XSS in the login area. The root cause cited across sources is input handling that allows script execution, with an additional note that session cookies lack the HttpOnly flag, contributing to potential account takeover when an attack...

CVSS 6.1, AI score 6, EPSS 0.01819
CVE
added 2015/03/23 4:0 p.m., 39 views

CVE-2014-9261

Codoforum 2.5.1 is affected by CVE-2014-9261, enabling arbitrary file download via directory traversal through the path parameter to index.php. The root cause is a sanitize() implementation that calls str_replace(".."/"%2e%2e"), but does not assign the result back to the variable, so the traversa...

CVSS 5, AI score 6.7, EPSS 0.17212
Web
CVE
added 2021/05/12 11:42 a.m., 38 views

CVE-2020-13873

Codoforum

CVSS 10, AI score 10, EPSS 0.12775