Lucene search
K
CsphereClansphere

7 matches found

CVE
CVE
added 2021/03/23 1:28 p.m.78 views

CVE-2021-27309

Clansphere CMS 2011.4 is affected by an unauthenticated reflected Cross‑Site Scripting vulnerability via the "module" parameter. Exploitation could execute arbitrary JavaScript in the victim’s browser, potentially enabling session hijacking, defacement, or information theft. Remediation is to upg...

6.1CVSS6AI score0.01977EPSS
CVE
CVE
added 2021/03/23 1:27 p.m.60 views

CVE-2021-27310

Clansphere CMS 2011.4 is affected by an unauthenticated reflected XSS vulnerability in the language parameter. The Nuclei template confirms unauthenticated reflected XSS, with impact described as enabling arbitrary JavaScript execution in the victim’s browser (session hijacking/defacement as per ...

6.1CVSS6AI score0.02816EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.58 views

CVE-2022-43119

CVE-2022-43119 affects Clansphere CMS v2011.4. It provides a cross-site scripting vulnerability via the Username parameter, allowing attackers to inject arbitrary web scripts/HTML. Root cause appears to be unsanitized/unchecked input in Username, with impact of script execution in the browser. CV...

6.1CVSS5.8AI score0.00473EPSS
CVE
CVE
added 2010/05/07 10:0 p.m.49 views

CVE-2010-1865

CVE-2010-1865 describes multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier. The issues allow remote attackers to execute arbitrary SQL commands through (1) the IP address passed to the cs_getip function in generate.php (Captcha module) and (2) the s_email parameter passed t...

7.5CVSS8.8AI score0.01747EPSS
CVE
CVE
added 2011/09/23 11:0 p.m.47 views

CVE-2011-3714

CVE-2011-3714 affects ClanSphere 2010.0. The vulnerability allows remote attackers to obtain sensitive information through a direct request to a .php file (mods/board/attachment.php), causing an error message that reveals the installation path. The provided sources describe this path disclosure, ...

5CVSS6.3AI score0.01335EPSS
CVE
CVE
added 2015/01/13 11:0 a.m.43 views

CVE-2014-100010

ClanSphere 2011.4 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. The vulnerability is supported by multiple sources (NVD and OpenVAS) with a CVSS v2 base score of ...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2025/08/05 8:0 p.m.18 views

CVE-2012-10034

CVE-2012-10034 affects ClanSphere 2011.3 with a local file inclusion (LFI) flaw caused by improper handling of the cs_lang cookie parameter; unsanitized input enables directory traversal and reading files outside the web root, with null byte (%00) injection to bypass file extension checks. Public...

8.7CVSS6.7AI score0.01331EPSS