7 matches found
CVE-2021-27309
Clansphere CMS 2011.4 is affected by an unauthenticated reflected Cross‑Site Scripting vulnerability via the "module" parameter. Exploitation could execute arbitrary JavaScript in the victim’s browser, potentially enabling session hijacking, defacement, or information theft. Remediation is to upg...
CVE-2021-27310
Clansphere CMS 2011.4 is affected by an unauthenticated reflected XSS vulnerability in the language parameter. The Nuclei template confirms unauthenticated reflected XSS, with impact described as enabling arbitrary JavaScript execution in the victim’s browser (session hijacking/defacement as per ...
CVE-2022-43119
CVE-2022-43119 affects Clansphere CMS v2011.4. It provides a cross-site scripting vulnerability via the Username parameter, allowing attackers to inject arbitrary web scripts/HTML. Root cause appears to be unsanitized/unchecked input in Username, with impact of script execution in the browser. CV...
CVE-2010-1865
CVE-2010-1865 describes multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier. The issues allow remote attackers to execute arbitrary SQL commands through (1) the IP address passed to the cs_getip function in generate.php (Captcha module) and (2) the s_email parameter passed t...
CVE-2011-3714
CVE-2011-3714 affects ClanSphere 2010.0. The vulnerability allows remote attackers to obtain sensitive information through a direct request to a .php file (mods/board/attachment.php), causing an error message that reveals the installation path. The provided sources describe this path disclosure, ...
CVE-2014-100010
ClanSphere 2011.4 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. The vulnerability is supported by multiple sources (NVD and OpenVAS) with a CVSS v2 base score of ...
CVE-2012-10034
CVE-2012-10034 affects ClanSphere 2011.3 with a local file inclusion (LFI) flaw caused by improper handling of the cs_lang cookie parameter; unsanitized input enables directory traversal and reading files outside the web root, with null byte (%00) injection to bypass file extension checks. Public...