Clansphere Security Vulnerabilities and Issues — Clansphere CVE List

Lucene search

CsphereClansphere

6 matches found

CVE•added 2022/11/09 4:15 p.m.•48 views

CVE-2022-43119

A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.

6.1CVSS5.8AI score0.0028EPSS

CVE•added 2021/03/23 2:15 p.m.•44 views

CVE-2021-27310

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.

6.1CVSS6AI score0.04092EPSS

CVE•added 2021/03/23 2:15 p.m.•43 views

CVE-2021-27309

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.

6.1CVSS6AI score0.00874EPSS

CVE•added 2010/05/07 11:0 p.m.•40 views

CVE-2010-1865

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database ...

7.5CVSS8.8AI score0.01458EPSS

CVE•added 2011/09/23 11:55 p.m.•35 views

CVE-2011-3714

ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.

5CVSS6.3AI score0.00283EPSS

CVE•added 2015/01/13 11:59 a.m.•33 views

CVE-2014-100010

Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.

4.3CVSS5.8AI score0.00329EPSS