Vulnerabilities > Codologic > Codoforum > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2020-25875 Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2
A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.
network
low complexity
codologic CWE-79
5.4
5.4
2021-07-09 CVE-2020-25876 Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2
A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.
network
low complexity
codologic CWE-79
5.4
5.4
2021-07-09 CVE-2020-25879 Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2
A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter.
network
low complexity
codologic CWE-79
5.4
5.4
2020-02-16 CVE-2020-9007 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.8
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
network
low complexity
codologic CWE-79
5.4
5.4
2020-02-15 CVE-2020-7050 Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows a DOM-based XSS.
network
low complexity
codologic CWE-732
5.4
5.4
2020-02-13 CVE-2020-7051 Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows stored XSS in the login area.
network
low complexity
codologic CWE-732
6.1
6.1
2020-01-07 CVE-2020-5842 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI.
network
low complexity
codologic CWE-79
6.1
6.1
2020-01-07 CVE-2020-5843 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
network
low complexity
codologic CWE-79
4.8
4.8
2020-01-05 CVE-2020-5306 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
network
low complexity
codologic CWE-79
4.8
4.8
2020-01-05 CVE-2020-5305 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
network
low complexity
codologic CWE-79
4.8
4.8