Vulnerabilities > Csphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-09 | CVE-2022-43119 | Cross-site Scripting vulnerability in Csphere Clansphere 2011.4 A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. | 6.1 |
| 2021-03-23 | CVE-2021-27310 | Cross-site Scripting vulnerability in Csphere Clansphere 2011.4 Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. | 4.3 |
| 2021-03-23 | CVE-2021-27309 | Cross-site Scripting vulnerability in Csphere Clansphere 2011.4 Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. | 4.3 |
| 2015-01-13 | CVE-2014-100010 | Cross-site Scripting vulnerability in Csphere Clansphere 2011.4 Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php. | 4.3 |
| 2011-09-23 | CVE-2011-3714 | Information Exposure vulnerability in Csphere Clansphere 2010.0 ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php. | 5.0 |
| 2010-05-07 | CVE-2010-1865 | SQL Injection vulnerability in Csphere Clansphere Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php). | 7.5 |