Vulnerabilities > Cotonti

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-24115 Cross-site Scripting vulnerability in Cotonti Siena 0.9.24
A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
cotonti CWE-79
5.4
2013-08-09 CVE-2013-4789 SQL Injection vulnerability in Cotonti Siena
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
network
low complexity
cotonti CWE-89
7.5