Codoforum Security Vulnerabilities and Issues — Codoforum CVE List

Lucene search

CodologicCodoforum

7 matches found

CVE•added 2020/02/15 6:19 p.m.•82 views

CVE-2020-7050

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies...

5.4CVSS5.6AI score0.00182EPSS

CVE•added 2020/01/07 8:15 p.m.•79 views

CVE-2020-5842

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.

6.1CVSS5.9AI score0.01819EPSS

CVE•added 2020/01/05 11:15 p.m.•66 views

CVE-2020-5305

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.

4.8CVSS4.8AI score0.00412EPSS

CVE•added 2020/02/16 8:15 p.m.•66 views

CVE-2020-9007

Codoforum 4.8.8 allows self-XSS via the title of a new topic.

5.4CVSS5.5AI score0.00281EPSS

CVE•added 2020/01/05 11:15 p.m.•61 views

CVE-2020-5306

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.

4.8CVSS4.8AI score0.0052EPSS

CVE•added 2020/01/07 1:15 p.m.•39 views

CVE-2020-5843

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.

4.8CVSS4.8AI score0.00412EPSS

CVE•added 2020/02/13 4:15 p.m.•39 views

CVE-2020-7051

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.

6.1CVSS6AI score0.01819EPSS