Codoforum Security Vulnerabilities and Issues — Codoforum CVE List

Lucene search

CodologicCodoforum

4 matches found

CVE•added 2021/07/09 10:15 p.m.•63 views

CVE-2020-25879

A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter.

5.4CVSS5.2AI score0.00163EPSS

CVE•added 2021/07/09 10:15 p.m.•59 views

CVE-2020-25875

A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.

5.4CVSS5.3AI score0.00163EPSS

CVE•added 2021/07/09 10:15 p.m.•58 views

CVE-2020-25876

A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.

5.4CVSS5.3AI score0.00163EPSS

CVE•added 2021/05/12 12:15 p.m.•32 views

CVE-2020-13873

A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on th...

10CVSS10AI score0.12775EPSS