Vulnerabilities > Codologic > Codoforum > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-09 | CVE-2020-25879 | Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2 A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter. | 3.5 |
2021-07-09 | CVE-2020-25876 | Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2 A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter. | 3.5 |
2021-07-09 | CVE-2020-25875 | Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2 A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter. | 3.5 |
2020-02-16 | CVE-2020-9007 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.8 Codoforum 4.8.8 allows self-XSS via the title of a new topic. | 3.5 |
2020-02-15 | CVE-2020-7050 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows a DOM-based XSS. | 3.5 |
2020-01-07 | CVE-2020-5843 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | 3.5 |
2020-01-05 | CVE-2020-5305 | Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3 Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | 3.5 |