Vulnerabilities > Codologic > Codoforum > 4.8.3

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-05-12 | CVE-2020-13873 | SQL Injection vulnerability in Codologic Codoforum | A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. | network | low complexity | codologic | CWE-89 | 10.0 (critical) |
| 2020-02-15 | CVE-2020-7050 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 | Codologic Codoforum through 4.8.4 allows a DOM-based XSS. | network | | codologic | CWE-79 | 3.5 |
| 2020-02-13 | CVE-2020-7051 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 | Codologic Codoforum through 4.8.4 allows stored XSS in the login area. | network | | codologic | CWE-79 | 4.3 |
| 2020-01-07 | CVE-2020-5842 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 | Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. | network | low complexity | codologic | CWE-79 | 6.1 |
| 2020-01-07 | CVE-2020-5843 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 | Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | network | | codologic | CWE-79 | 3.5 |
| 2020-01-05 | CVE-2020-5306 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 | Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | network | low complexity | codologic | CWE-79 | 4.8 |
| 2020-01-05 | CVE-2020-5305 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 | Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | network | | codologic | CWE-79 | 3.5 |