Vulnerabilities > Codiad > Codiad > 2.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-25 | CVE-2020-14042 | Cross-site Scripting vulnerability in Codiad ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. | 6.1 |
| 2020-08-24 | CVE-2020-14044 | Server-Side Request Forgery (SSRF) vulnerability in Codiad ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. | 7.2 |
| 2020-08-24 | CVE-2020-14043 | Cross-Site Request Forgery (CSRF) vulnerability in Codiad ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. | 8.8 |
| 2020-03-16 | CVE-2019-19208 | Code Injection vulnerability in Codiad Codiad Web IDE through 2.8.4 allows PHP Code injection. | 7.5 |
| 2018-07-12 | CVE-2018-14009 | Improper Input Validation vulnerability in Codiad Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. | 10.0 |
| 2017-08-21 | CVE-2017-11366 | OS Command Injection vulnerability in Codiad components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | 7.5 |
| 2015-01-08 | CVE-2014-9582 | Cross-site Scripting vulnerability in Codiad 2.4.3 Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. | 4.3 |
| 2015-01-08 | CVE-2014-9581 | Path Traversal vulnerability in Codiad 2.4.3 Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. | 5.0 |