Vulnerabilities > Qibosoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-03 CVE-2020-20808 Cross-site Scripting vulnerability in Qibosoft 7.0
Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.
network
low complexity
qibosoft CWE-79
6.1
6.1
2021-12-27 CVE-2020-20943 Cross-Site Request Forgery (CSRF) vulnerability in Qibosoft 7.0
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
network
low complexity
qibosoft CWE-352
4.3
4.3
2021-12-27 CVE-2020-20946 Cross-site Scripting vulnerability in Qibosoft 7.0
Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.
network
low complexity
qibosoft CWE-79
5.4
5.4
2021-04-28 CVE-2020-18022 Cross-site Scripting vulnerability in Qibosoft Qibocms V7
Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
network
low complexity
qibosoft CWE-79
6.1
6.1