Vulnerabilities > Codologic > Codoforum > 4.8.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-12 | CVE-2020-13873 | SQL Injection vulnerability in Codologic Codoforum A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. | 10.0 |
2020-02-15 | CVE-2020-7050 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows a DOM-based XSS. | 3.5 |
2020-02-13 | CVE-2020-7051 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows stored XSS in the login area. | 4.3 |
2020-01-07 | CVE-2020-5842 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. | 6.1 |
2020-01-07 | CVE-2020-5843 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | 3.5 |
2020-01-05 | CVE-2020-5306 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | 4.8 |
2020-01-05 | CVE-2020-5305 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | 3.5 |