Vulnerabilities > Codologic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-07 | CVE-2022-31854 | Unrestricted Upload of File with Dangerous Type vulnerability in Codologic Codoforum 5.1 Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | 7.2 |
| 2021-07-09 | CVE-2020-25875 | Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2 A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter. | 5.4 |
| 2021-07-09 | CVE-2020-25876 | Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2 A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter. | 5.4 |
| 2021-07-09 | CVE-2020-25879 | Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2 A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | 5.4 |
| 2021-05-12 | CVE-2020-13873 | SQL Injection vulnerability in Codologic Codoforum A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. | 9.8 |
| 2020-02-16 | CVE-2020-9007 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.8 Codoforum 4.8.8 allows self-XSS via the title of a new topic. | 5.4 |
| 2020-02-15 | CVE-2020-7050 | Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows a DOM-based XSS. | 5.4 |
| 2020-02-13 | CVE-2020-7051 | Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows stored XSS in the login area. | 6.1 |
| 2020-01-07 | CVE-2020-5842 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. | 6.1 |
| 2020-01-07 | CVE-2020-5843 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | 4.8 |